Primary datacenter for logical router

ABSTRACT

Some embodiments provide a method for implementing a logical router that spans multiple datacenters. The method receives a configuration for a set of logical switches and a logical router (LR) that (i) handles data traffic between data compute nodes (DCNs) connected to the logical switches and endpoints not connected to the set of logical switches and (ii) performs stateful services on the traffic. The DCNs include at least one DCN operating in each datacenter. For each datacenter, the method defines a centralized routing component (SR) for the LR for handling the traffic between the DCNs in the datacenter and the endpoints not connected to the set of logical switches. The method designates one of the SRs as a primary SR and the other SRs as secondary SRs. The secondary SRs forward traffic, received from DCNs in their respective datacenters and for which stateful services are required, to the primary SR.

BACKGROUND

As more networks move to the cloud, it is more common for onecorporation or other entity to have networks spanning multiple sites.While logical networks that operate within a single site are wellestablished, there are various challenges in having logical networksspan multiple physical sites (e.g., datacenters). The sites should beself-contained, while also allowing for data to be sent from one site toanother easily. Various solutions are required to solve these issues.

BRIEF SUMMARY

Some embodiments provide a system for implementing a logical networkthat spans across multiple datacenters (e.g., in multiple differentgeographic regions). In some embodiments, a user (or multiple users)defines the logical network as a set of logical network elements (e.g.,logical switches, logical routers, logical middleboxes) and policies(e.g., forwarding policies, firewall policies, NAT rules, etc.). Thelogical forwarding elements (LFEs) may be implemented across some or allof the multiple datacenters, such that data traffic is transmitted (i)between logical network data compute nodes (DCNs) within a datacenter,(ii) between logical network DCNs in two different datacenters, and(iii) between logical network DCNs in a datacenter and endpointsexternal to the logical network (e.g., external to the datacenters).

The logical network, in some embodiments, is a conceptual networkstructure that a network administrator (or multiple networkadministrators) define through a set of network managers. Specifically,some embodiments include a global manager as well as local managers foreach datacenter. In some embodiments, any LFEs that span multipledatacenters are defined through the global manager while LFEs that areentirely implemented within a specific datacenter may be defined througheither global manager or the local manager for that specific datacenter.

The logical network may include both logical switches (to which logicalnetwork DCNs attach) and logical routers. Each LFE (e.g., logical switchor logical router) is implemented across one or more datacenters,depending on how the LFE is defined by the network administrator. Insome embodiments, the LFEs are implemented within the datacenter bymanaged forwarding elements (MFEs) executing on host computers that alsohost DCNs of the logical network (e.g., in virtualization software ofthe host computers) and/or on edge devices within the datacenters. Theedge devices, in some embodiments, are computing devices that may bebare metal machines executing a datapath and/or computers on which DCNsexecute a datapath. These datapaths, in some embodiments, performvarious gateway operations (e.g., gateways for stretching logicalswitches across datacenters, gateways for executing centralized featuresof logical routers such as performing stateful services and/orconnecting to external networks).

Logical routers, in some embodiments, may include tier-0 logical routers(which connect directly to external networks, such as the Internet) andtier-1 logical routers (which may be interposed between logical switchesand tier-0 logical routers). Logical routers, in some embodiments, aredefined by the network managers (e.g., the global manager, for logicalrouters spanning more than one datacenter) to have one or more routingcomponents, depending on how the logical router has been configured bythe network administrator. Tier-1 logical routers, in some embodiments,may have only a distributed routing component (DR), or may have bothdistributed routing components as well as centralized routing components(also referred to as service routers, or SRs). SRs, for tier-1 routers,allow for centralized (e.g., stateful) services to be performed on datamessages sent to or from DCNs connected to logical switches that connectto the tier-1 logical router (i.e., from DCNs connected to other logicalswitches that do not connect to the tier-1 logical router, or fromexternal network endpoints). Tier-1 logical routers may be connected totier-0 logical routers in some embodiments which, as mentioned, handledata messages exchanged between the logical network DCNs and externalnetwork endpoints. These tier-0 logical routers may also have a DR aswell as one or more SRs (e.g., SRs at each datacenter spanned by the T0logical router). The details of the SR implementation for both tier-1and tier-0 logical routers are discussed further below.

As mentioned, the LFEs of a logical network may be implemented by MFEsexecuting on source host computers as well as by edge devices. When alogical network DCN sends a data message to another logical network DCN,the MFE (or set of MFEs) executing on the host computer at which thesource DCN resides performs logical network processing. In someembodiments, the source host computer MFE set (collectively referred toherein as the source MFE) performs processing for as much of the logicalnetwork as possible (referred to as first-hop logical processing). Thatis, the source MFE processes the data message through the logicalnetwork until either (i) the destination logical port for the datamessage is determined or (ii) the data message is logically forwarded toan LFE for which the source MFE cannot perform processing (e.g., an SRof a logical router). For instance, if the source DCN sends a datamessage to another DCN on the same logical switch, then the source MFEwill only need to perform logical processing for the logical switch todetermine the destination of the data message. If a source DCN attachedto a first logical switch sends a data message to a DCN on a secondlogical switch that is connected to the same tier-1 logical router asthe first logical switch, then the source MFE performs logicalprocessing for the first logical switch, the DR of the logical router,and the second logical switch to determine the destination of the datamessage. On the other hand, if a source DCN attached to a first logicalswitch sends a data message to a DCN on a second logical switch that isconnected to a different tier-1 logical router than the first logicalswitch, then the source MFE may only perform logical processing for thefirst logical switch, the tier-1 DR (which routes the data message tothe tier-1 SR), and a transit logical switch connecting the tier-1 DR tothe tier-1 SR within the datacenter. Additional processing may beperformed on one or more edge devices in one or more datacenters,depending on the configuration of the logical network (as describedfurther below).

Once the source MFE identifies the destination (e.g., a destinationlogical port on a particular logical switch), this source MFE transmitsthe data message to the destination. In some embodiments, the source MFEmaps the combination of (i) the destination layer 2 (L2) address (e.g.,MAC address) of the data message and (ii) the logical switch beingprocessed to which that L2 address attaches to a tunnel endpoint orgroup of tunnel endpoints, allowing the source MFE to encapsulate thedata message and transmit the data message to the destination tunnelendpoint. Specifically, if the destination DCN operates on a hostcomputer located within the same datacenter, the source MFE can transmitthe data message directly to that host computer by encapsulating thedata message using a destination tunnel endpoint address correspondingto the host computer.

On the other hand, if the source MFE executes on a first host computerin a first datacenter and the destination DCN operates on a second hostcomputer in a second, different datacenter, in some embodiments the datamessage is transmitted (i) from the source MFE to a first logicalnetwork gateway in the first datacenter, (ii) from the first logicalnetwork gateway to a second logical network gateway in the seconddatacenter, and (iii) from the second logical network gateway to adestination MFE executing on the second host computer. The destinationMFE can then deliver the data message to the destination DCN.

Some embodiments implement logical network gateways on edge devices inthe datacenters to handle logical switch forwarding between datacenters.As with the SRs, logical network gateways are implemented in the edgedevice datapaths in some embodiments. In some embodiments, separatelogical network gateways are assigned for each logical switch. That is,for a given logical switch, one or more logical network gateways areassigned to edge devices in each datacenter within the span of thelogical switch (e.g., by the local manager in the datacenter). Thelogical switches for which logical network gateways are implemented mayinclude administrator-defined logical switches to which logical networkDCNs connect as well as other types of logical switches (e.g., backplanelogical switches that connect the SRs for one logical router).

In some embodiments, for a given logical switch, the logical networkgateways are implemented in active-standby configuration. That is, ineach datacenter spanned by the logical switch, an active logical networkgateway is assigned to one edge device and one or more standby logicalnetwork gateways are assigned to additional edge devices. The activelogical network gateways handle all of the inter-site data traffic forthe logical switch, except in the case of failover. In otherembodiments, the logical network gateways for the logical switch areimplemented in active-active configuration. In this configuration, allof the logical network gateways in a particular datacenter are capableof handling inter-site data traffic for the logical switch.

For each logical switch, the logical network gateways form a mesh insome embodiments (i.e., the logical network gateways for the logicalswitch in each datacenter can directly transmit data messages to thelogical network gateways for the logical switch in each otherdatacenter). In some embodiments, irrespective of whether the logicalnetwork gateways are implemented in active-standby or active-activemode, the logical network gateways for a logical switch in a firstdatacenter establish communication with all of the other logical networkgateways in the other datacenters (both active and standby logicalnetwork gateways). In other embodiments, the logical network gatewaysuse a hub-and-spoke model of communication, in which case traffic may beforwarded through a central (hub) logical network gateway in aparticular datacenter, even if neither the source nor destination of aspecific data message resides in that particular datacenter.

Thus, for a data message between DCNs in two datacenters, the source MFEidentifies the logical switch to which the destination DCN attaches(which may not be the same as the logical switch to which the source DCNattaches) and transmits the data message to the logical network gatewayfor that logical switch in its datacenter. That logical network gatewaytransmits the data message to the logical network gateway for thelogical switch in the destination datacenter, which transmits the datamessage to the destination MFE. In some embodiments, each of these threetransmitters (source MFE, first logical network gateway, second logicalnetwork gateway) encapsulates the data message with a different tunnelheader (e.g., using VXLAN, Geneve, NGVRE, STT, etc.). Specifically, eachtunnel header includes (i) a source tunnel endpoint address, (ii) adestination tunnel endpoint address, and (iii) a virtual networkidentifier (VNI).

In some embodiments, the VNIs used in each of the tunnel headers maps toa logical switch to which the data message belongs. That is, when thesource MFE performs processing for a particular logical switch andidentifies that the destination for the data message connects to theparticular logical switch, the source MFE uses the VNI for thatparticular logical switch in the encapsulation header. In someembodiments, the local manager at each datacenter manages a separatepool of VNIs for its datacenter, and the global manager manages aseparate pool of VNIs for the network between logical network gateways.These pools may be exclusive or overlapping, as they are separatelymanaged without any need for reconciliation. This enables a datacenterto be added to a federated group of datacenters without a need to modifythe VNIs used within the newly added datacenter.

Accordingly, the logical network gateways perform VNI translation insome embodiments. At the source host computer in a first datacenter,after determining the destination for a data message and the logicalswitch to which that destination connects, the source MFE encapsulatesthe data message using a first VNI corresponding to the logical switchwithin the first datacenter, and transmits the packet to the edge deviceat which the logical network gateway for the logical switch isimplemented within the first datacenter. The edge device receives thedata message and executes a datapath processing pipeline stage for thelogical network gateway based on the receipt of the data message at aparticular interface and the first VNI in the tunnel header of theencapsulated data message.

The logical network gateway in the first datacenter uses the destinationaddress of the data message (the underlying logical network datamessage, not the destination address in the tunnel header) to determinea second datacenter to which the data message should be sent, andre-encapsulates the data message with a new tunnel header that includesa second, different VNI. This second VNI is the VNI for the logicalswitch used within the inter-site network, as managed by the globalnetwork manager. This re-encapsulated data message is sent through theintervening network between the logical network gateways (e.g., a VPN,WAN, public network, etc.) to the logical network gateway for thelogical switch within the second datacenter.

The edge device implementing the logical network gateway for the logicalswitch in the second datacenter receives the encapsulated data messageand executes a datapath processing pipeline stage (similar to thatexecuted by the first edge device) for the logical network gateway basedon the receipt of the data message at a particular interface and thesecond VNI in the tunnel header of the encapsulated data message). Thelogical network gateway in the second datacenter uses the destinationaddress of the underlying logical network data message to determine thedestination host computer for the data message within the seconddatacenter, and re-encapsulates the data message with a third tunnelheader that includes a third VNI. This third VNI is the VNI for thelogical switch used within the second datacenter, as managed by thelocal network manager for the second datacenter. This re-encapsulateddata message is sent through the physical network of the seconddatacenter to the destination host computer, and the MFE at thisdestination host computer uses the VNI and destination address of theunderlying data message to deliver the data message to the correct DCN.

As noted, in addition to the VNI, the tunnel headers used to transmitlogical network data messages also include source and destination tunnelendpoint addresses. In some embodiments, the host computers (e.g., theMFEs executing on the host computers) as well as the edge devices storerecords that map (for a given logical switch context) MAC addresses (orother L2 addresses) to tunnel endpoints used to reach those MACaddresses. This enables the source MFE or logical network gateway todetermine the destination tunnel endpoint address with which toencapsulate a data message for a particular logical switch.

For data messages sent within a single datacenter, the source MFE usesrecords that map a single tunnel endpoint (referred to as a virtualtunnel endpoint, or VTEP) network address to one or more MAC addresses(of logical network DCNs) that are reachable via that VTEP. Thus, if aVM or other DCN having a particular MAC address resides on a particularhost computer, the record for the VTEP associated with that particularhost computer maps to the particular MAC address.

In addition, for each logical switch for which an MFE processes datamessages and that is stretched to multiple datacenters, in someembodiments the MFE stores an additional VTEP group record for thelogical switch that enables the MFE to encapsulate data messages to besent to the logical network gateway(s) for the logical switch in thedatacenter. The VTEP group record, in some embodiments, maps a set oftwo or more VTEPs (of the logical network gateways) to all MAC addressesconnected to the logical switch that are located in any otherdatacenter. When a source MFE for a data message identifies the logicalswitch and destination MAC address for a data message, the source MFEidentifies the VTEP record or VTEP group record to which the MAC addressmaps in the context of the identified logical switch (different logicalnetworks within a datacenter may use overlapping MAC addresses, butthese will be in the context of different, isolated logical switches).When the destination MAC address corresponds to a DCN in a differentdatacenter, the source MFE will identify the VTEP group record and useone of the VTEP network addresses in the VTEP group as the destinationtunnel endpoint address for encapsulating the data message, such thatthe encapsulated data message is transmitted through the datacenter toone of the logical network gateways for the logical switch.

When the logical network gateways are configured in active-standby mode,the VTEP group record identifies the current active VTEP, and the sourceMFE will always select this network address from the VTEP group record.On the other hand, when the logical network gateways are inactive-active mode, the source MFE may use any one of the networkaddresses in the VTEP group record. Some embodiments use a loadbalancing operation (e.g., a round-robin algorithm, a deterministichash-based algorithm, etc.) to select one of the network addresses fromthe VTEP group record.

The use of logical network gateways and VTEP groups allows for manylogical switches to be stretched across multiple datacenters without thenumber of tunnels (and therefore VTEP records stored at each MFE)exploding. Rather than needing to store a record for every host computerin every datacenter on which at least one DCN resides for a logicalswitch, all of the MAC addresses residing outside of the datacenter areaggregated into a single record that maps to a group of logical networkgateway VTEPs.

In addition, the use of VTEP groups allows for failover of the logicalnetwork gateways in a particular datacenter without the need for everyhost in the datacenter to relearn all of the MAC addresses in all of theother datacenters that map to the logical network gateway VTEP. In someembodiments, the MAC:VTEP mappings may be learned via Address ResolutionProtocol (ARP) or via receipt of data messages from the VTEP. Inaddition, in some embodiments, many of the mappings are shared vianetwork controller clusters that operate in each of the datacenters. Insome such embodiments, the majority of the mappings are shared via thenetwork controller clusters, while learning via ARP and data messagereceipt is used more occasionally. With the use of VTEP groups, when anactive logical network gateway fails, one of the standby logical networkgateways for the same logical switch becomes the new active logicalnetwork gateway. This newly active logical network gateway notifies theMFEs in its datacenter that require the information (i.e., the MFEs thatprocess data messages for the logical switch) that it is the new activemember for its VTEP group (e.g., via a specialized encapsulated datamessage). This allows these MFEs to simply modify the list of VTEPs inthe VTEP group record, without the need to create a new record andrelearn all of the MAC addresses for the record.

In some embodiments, the edge devices hosting logical network gatewayshave both VTEPs that face the host computers of their datacenter as wellas separate tunnel endpoints (e.g., corresponding to differentinterfaces) that face the inter-datacenter network, for communicationwith other edge devices. These tunnel endpoints are referred to hereinas remote tunnel endpoints (RTEPs). In some embodiments, each logicalnetwork gateway implemented within a particular datacenter stores (i)VTEP records for determining destination tunnel endpoints within theparticular datacenter when processing data messages received from otherlogical network gateways (i.e., via the RTEPs) as well as (ii) RTEPgroup records for determining destination tunnel endpoints for datamessages received from within the particular datacenter.

When the edge device receives a data message for a particular logicalswitch from another logical network gateway, in some embodiments theedge device executes a datapath pipeline processing stage for thelogical network gateway, based on the inter-site VNI and the receipt ofthe data message via its RTEP. The logical network gateway for thelogical switch maps the destination MAC address to one of its storedVTEP records for the logical switch context and uses this VTEP as thedestination network address in the tunnel header when transmitting thedata message to the datacenter.

Conversely, when the edge device receives a data message for theparticular logical switch from a host computer within the datacenter, insome embodiments the edge device executes the datapath pipelineprocessing stage for the logical network gateway based on thedatacenter-specific VNI for the logical switch and the receipt of thedata message via its VTEP. The logical network gateway stores RTEP grouprecords for each other datacenter spanned by the logical switch and usesthese to determine the destination network address for the tunnelheader. Each RTEP group record, in some embodiments, maps a set of twoor more RTEPs for a given datacenter (i.e., the RTEPs for the logicalnetwork gateways at that datacenter for the particular logical switch)to all MAC addresses connected to the particular logical switch that arelocated at that datacenter. The logical network gateway maps thedestination MAC address of the underlying data message to one of theRTEP group records (using ARP on the inter-site network if no record canbe found), and selects one of the RTEP network addresses in theidentified RTEP group to use as the destination tunnel endpoint addressfor encapsulating the data message, such that the encapsulated datamessage is transmitted through the inter-site network to one of thelogical network gateways for the particular logical switch at thedatacenter where the destination DCN resides.

When the logical network gateways are configured in active-standby mode,the RTEP group record identifies the current active RTEP, and thelogical network gateway will always select this network address from theRTEP group record. On the other hand, when the logical network gatewaysare in active-active mode, the logical network gateway may use any oneof the network addresses in the identified RTEP group record. Someembodiments use a load balancing operation (e.g., a round-robinalgorithm, a deterministic hash-based algorithm, etc.) to select one ofthe network addresses from the RTEP group record.

Similar to VTEP groups, the use of RTEP groups allows for failover ofthe logical network gateways in a particular datacenter without the needfor every logical network gateway in the other datacenters to relearnall of the MAC addresses that map to the logical network in theparticular datacenter. As with the MAC: VTEP mappings, the MAC:RTEPmappings are preferably learned via the network controller clusters,with learning via ARP and data message receipt also available. When anactive logical network gateway in a particular datacenter fails, one ofthe standby logical network gateways for the same logical switch in theparticular datacenter becomes the new active logical network gateway.This newly-active logical network gateway notifies the logical networkgateways for the logical switch at the other datacenters that requirethe information (i.e., the other datacenters spanned by the logicalswitch) that it is the new active member for its VTEP group (e.g., via arouting protocol message). This allows these other logical networkgateways to simply modify the list of RTEPs in their RTEP group record,without the need to create a new record and relearn all of the MACaddresses for the record.

As noted above, the logical networks of some embodiments are defined toinclude tier-1 and/or tier-0 logical routers, in addition to the logicalswitches. In some embodiments, logical switches (i.e., the logicalswitches to which DCNs connect) connect directly to tier-1 (T1) logicalrouters, which can link different logical switches together as well asprovide services to the logical switches connected to them. In someembodiments, the T1 logical routers may be entirely distributed (e.g.,if just providing a connection between logical switches that avoids theuse of a T0 logical router), or include centralized SR componentsimplemented on edge devices (e.g., to perform stateful services for datamessages sent to and from the logical switches connected to the T1logical router.

In addition, in some embodiments, T1 logical routers and the logicalswitches connected to them may be defined entirely within a singledatacenter of a federated set of datacenters. In some embodiments,constructs of the logical network that span multiple datacenters (e.g.,T0 logical routers, T1 logical routers, logical switches, securitygroups, etc.) are defined by a network administrator through the globalmanager. However, a network administrator (e.g., the same admin or adifferent, local admin) can also define networks that are local to aspecific datacenter through the global manager. These T1 logical routerscan be connected to a datacenter-specific T0 logical router for handlingdata traffic with external networks or can instead be connected to a T0logical router of the datacenter-spanning logical network in someembodiments. As described below, when datacenter-specific T1 logicalrouters are connected to a T0 logical router that spans multipledatacenters, in some embodiments the SRs of the T0 logical router shareroutes advertised by the datacenter-specific T1 logical router.

When a globally-defined T1 logical router is defined to provide statefulservices at SRs, the network administrator can define the datacenters towhich the T1 spans in some embodiments (a globally-defined T1 logicalrouter without SRs will automatically span to all of the datacentersspanned by the T0 logical router to which it connects). For a T1 logicalrouter with stateful services, the network administrator can define theT1 logical router to span to any of the datacenters spanned by the T0logical router to which it connects; that is, the T1 logical routercannot be defined to span to datacenters not spanned by the T0 logicalrouter.

Some embodiments allow the T1 SRs to be deployed in active-active modeor active-standby mode, while other embodiments only allowactive-standby mode (e.g., if the SR is providing stateful services suchas a stateful firewall, stateful load balancing, etc.). The T1 SRs, insome embodiments, provide stateful services for traffic between (i) DCNsconnected to logical switches that connect to the T1 logical router and(ii) endpoints outside of that T1 logical router, which could includeendpoints external to the logical network and datacenter as well aslogical network endpoints connected to other logical switches.

In addition, for T1 logical routers that have SRs located in multipledatacenters, some embodiments allow (or require) the networkadministrator to select one of the datacenters as a primary site for theT1 logical router. In this case, all traffic requiring stateful servicesis routed to the primary site active SR. When a DCN that is located at asecondary datacenter sends a data message to an endpoint external to theT1 logical routers, the source MFE for the data message performsfirst-hop logical processing, such that the DR routes the data messageto the active SR within that secondary datacenter, and transmits thedata message through the datacenter according to the transit logicalswitch (e.g., using the transit logical switch VNI) for the datacenterbetween the T1 DR and T1 SR. As mentioned, in some embodiments thenetwork managers define a transit logical switch within each datacenterto connect the DR for the logical router to the SRs within thedatacenter for the logical router. As this transit logical switch onlyspans a single datacenter, there is no need to define logical networkgateways for the transit logical switch.

The active SR within the secondary datacenter routes the data message tothe active SR in the primary datacenter according to its routing tablewhich, as described below, is configured by a combination of the networkmanagers and routing protocol synchronization between the SRs. The edgedevice implementing the active T1 SR in the secondary datacentertransmits the data message (according to the logical network gateway forthe backplane logical switch connecting the SRs, using the backplanelogical switch VNI) to the edge device implementing the active T1 SR inthe primary datacenter.

As described above, in some embodiments a backplane logical switch isautomatically configured by the network managers to connect the SRs of alogical router. This backplane logical switch is stretched across all ofthe datacenters at which SRs are implemented for the logical router, andtherefore logical network gateways are implemented at each of thesedatacenters for the backplane logical switch. In some embodiments, thenetwork managers link the SRs of a logical router with the logicalnetwork gateways for the backplane logical switch connecting those SRs,so that they are always implemented on the same edge devices. That is,the active SR within a datacenter and the active logical network gatewayfor the corresponding backplane logical switch within that datacenterare assigned to the same edge device, as are the standby SR and standbylogical network gateway. If either the SR or the logical network gatewayneed to failover (even if for a reason that would otherwise affect onlyone of the two), then both will failover together. Keeping the SR withthe logical network gateway for the corresponding backplane logicalswitch avoids the need for extra physical hops when transmitting datamessages between datacenters.

Thus, the T1 SR at the primary datacenter may receive outbound datamessages from either the other T1 SRs at secondary datacenters or MFEsat host computers within the primary datacenter. The primary T1 SRperforms stateful services (e.g., stateful firewall, load balancing,etc.) on these data messages in addition to routing the data messages.In some embodiments, the primary T1 SR includes a default route to routedata messages to the DR of the T0 logical router to which the T1 logicalrouter is linked. Depending on whether the data message is directed to alogical network endpoint (e.g., connected to a logical switch behind adifferent T1 logical router) or an external endpoint (e.g., a remotemachine connected to the Internet), the T0 DR will route the message tothe different T1 logical router or to the T0 SR.

For traffic from remote external machines directed to logical networkDCNs behind a T1 logical router, in some embodiments these data messagesare always received initially at the primary datacenter T1 SR (after T0processing). This is because, irrespective of in which datacenter the T0SR receives an incoming data message for processing by the T1 SR, the T0routing components are configured to route the data message to theprimary datacenter T1 SR to have the stateful services applied. Theprimary datacenter T1 SR applies these services and then routes the datamessage to the T1 DR. The edge device in the primary datacenter thatimplements the T1 SR can then perform logical processing for the T1 DRand the logical switch to which the destination DCN connects. If the DCNis located in a remote datacenter, the data message is sent through thelogical network gateways for this logical switch (i.e., not thebackplane logical switch). Thus, the physical paths for ingress andegress traffic could be different, if the logical network gateways forthe logical switch to which the DCN connects are implemented ondifferent edge devices than the T1 SRs and backplane logical switchlogical network gateways.

T0 logical routers, as mentioned, handle the connection of the logicalnetwork to external networks. In some embodiments, the T0 SRs exchangerouting data (e.g., using a routing protocol such as Border GatewayProtocol (BGP) or Open Shortest Path First (OSPF)) with physical routersof the external network, in order to manage this connection andcorrectly route data messages to the external routers. This routeexchange is described in further detail below.

In some embodiments, the network administrator defines a T0 logicalrouter as well as the datacenters to which the T0 logical router spansthrough the global network manager. One or more T1 logical routersand/or logical switches may be connected to this T0 logical router, andthe maximum span of those logical forwarding elements underneath the T0logical router is defined by the span of the T0 logical router. That is,in some embodiments, the global manager will not allow the span of a T1logical router or logical switch to include any datacenters not spannedby the T0 logical router to which they connect (assuming they do connectto a T0 logical router).

Network administrators are able to connect the T1 logical routers to T0logical routers in some embodiments. For a T1 logical router with aprimary site, some embodiments define a link between the routers (e.g.,with a transit logical switch in each datacenter between the T1 SRs inthe datacenter and the T0 DR), but mark this link as down at all of thesecondary datacenters (i.e., the link is only available at the primarydatacenter). This results in the T0 logical router routing incoming datamessages only to the T1 SR at the primary datacenter.

The T0 SRs can be configured in active-active or active-standbyconfigurations. In either configuration, some embodiments automaticallydefine (i) a backplane logical switch that stretches across all of thedatacenters spanned by the T0 logical router to connect the SRs and (ii)separate transit logical switches in each of the datacenters connectingthe T0 DR to the T0 SRs that are implemented in that datacenter.

When a T0 logical router is configured as active-standby, someembodiments automatically assign one active and one (or more) standbySRs for each datacenter spanned by the T0 logical router (e.g., asdefined by the network administrator). As with the T1 logical router,one of the datacenters can be designated as the primary datacenter forthe T0 logical router, in which case all logical network ingress/egresstraffic (referred to as north-south traffic) is routed through the SR atthat site. In this case, only the primary datacenter SR advertisesitself to the external physical network as a next hop for logicalnetwork addresses. In addition, the secondary T0 SRs route northboundtraffic to the primary T0 SR.

So long as there are no stateful services configured for the T0 SR, someembodiments also allow for there to be no designation of a primarydatacenter. In this case, north-south traffic may flow through theactive SR in any of the datacenters. In some embodiments, differentnorthbound traffic may flow through the SRs at different datacenters,depending either on dynamic routes learned via routing protocol (e.g.,by exchanging BGP messages with external routers) or on static routesconfigured by the network administrator to direct certain trafficthrough certain T0 SRs. Thus, for example, a northbound data messageoriginating from a DCN located at a first datacenter might betransmitted (i) from the host computer to a first edge deviceimplementing a secondary T1 SR at the first datacenter, (ii) from thefirst edge device to a second edge device implementing the primary T1 SRat a second datacenter, (iii) from the second edge device to a thirdedge device implementing the T0 SR at the second datacenter, and (iv)from the third edge device to a fourth edge device implementing the T0SR at a third datacenter, from which the data message egresses to thephysical network.

Some embodiments, as mentioned, also allow for active-activeconfiguration of the T0 SRs. In some such embodiments, the networkadministrator can define one or more active SRs (e.g., up to a thresholdnumber) for each datacenter spanned by the T0 logical router. Differentembodiments either allow or disallow the configuration of a primarydatacenter for the active-active configuration. If there is a primarydatacenter configured, in some embodiments the T0 SRs at secondarydatacenters use equal-cost multi-path (ECMP) routing to route northbounddata messages to the primary T0 SRs. ECMP is similarly used when routingdata traffic from a T0 SR at one datacenter to a T0 SR at anotherdatacenter for any other reason (e.g., due to an egress route learnedvia BGP). In addition, when an edge device implementing a T1 logicalrouter processes a northbound data message, after routing the datamessage to the T0 DR, the processing pipeline stage for the T0 DR usesECMP to route the data message to one of the T0 SRs in the samedatacenter.

As with T1 logical router processing, southbound data messages do notnecessarily follow the exact reverse path as did the correspondingnorthbound data message. If there is a primary datacenter defined for aT0 SR, then this SR will typically receive the southbound data messagesfrom the external network (by virtue of advertising itself as the nexthop for the relevant logical network addresses). If no T0 SR isdesignated as primary, then any active T0 SR at any of the datacentersmay receive a southbound data message from the external network (thoughtypically the T0 SR that transmitted corresponding northbound datamessages will receive the southbound data messages).

The T0 SR in some embodiments, is configured to route the data messageto the datacenter with the primary T1 SR, as this is the only datacenterfor which a link between the T0 logical router and the T1 logical routeris defined. Thus, the T0 SR routes the data message to the T0 SR at theprimary datacenter for the T1 SR with which the data message isassociated. In some embodiments, the routing table is merged for the T0SR and T0 DR for southbound data messages, so that no additional stagesneed to be executed for the transit logical switch and T0 DR. In thiscase, at the primary datacenter for the T1 logical router, in someembodiments the merged T0 SR/DR stage routes the data message to theprimary T1 SR, which may be implemented on a different edge device. Theprimary T1 SR performs any required stateful services on the datamessage, and proceeds with routing as described above.

In some embodiments, the local managers define the routingconfigurations for the SRs and DRs (of both T1 and T0 logical routers)and push this routing configuration to the edge devices and hostcomputers that implement these logical routing components. For logicalnetworks in which all of the LFEs are defined at the global manager, theglobal manager pushes to the local managers the configurationinformation regarding all of the LFEs that span to their respectivedatacenters. These local managers use this information to generate therouting tables for the various logical routing components implementedwithin their datacenters.

For instance, for a T1 logical router, each secondary SR is configuredwith a default route to the primary T1 SR by the local manager at the T1SR. Similarly, the primary SR is configured with a default route to theT0 DR in some embodiments. In addition, the primary SR is configuredwith routes for routing data traffic to the T1 DR. In some embodiments,a merged routing table for the primary SR and DR of the T1 logicalrouter is configured to handle routing southbound data messages to theappropriate stretched logical switch at the primary T1 SR.

For a T0 logical router, the majority of the routes for routing logicalnetwork traffic (e.g., southbound traffic) are also configured for theT0 SRs by the local managers. To handle traffic to stretched T1 logicalrouters, the T0 SRs are configured with routes for logical networkaddresses handled by these T1 logical routers (e.g., network addresstranslation (NAT) IP addresses, load balancer virtual IP addresses (LBVIPs), logical switch subnets, etc.). In some embodiments, the T0 SRrouting table (merged with the T0 DR routing table) in the samedatacenter as the primary SR for a T1 logical router is configured withroutes to the primary T1 SR for these logical network addresses. Inother datacenters, the T0 SR is configured to route data messages forthese logical network addresses to the T0 SR in the primary datacenterfor the T1 logical router.

In some embodiments, a network administrator can also define LFEs thatare specific to a datacenter and link those LFEs to the larger logicalnetwork through the local manager for the specific datacenter (e.g., bydefining a T1 logical router and linking the T1 logical router to a T0logical router of the larger logical network). In some such embodiments,configuration data regarding the T1 logical router will not bedistributed to the other datacenters implementing the T0 logical router.In this case, in some embodiments, the local manager at the specificdatacenter configures the T0 SR implemented in this datacenter withroutes for the logical network addresses related to the T1 logicalrouter. This T0 SR exchanges these routes with the T0 SRs at the otherdatacenters via a routing protocol application, thereby attractingsouthbound traffic directed to these network addresses.

In addition, one or more of the T0 SRs will generally be connected toexternal networks (e.g., directly to an external router, or atop-of-rack (TOR) forwarding element that in turn connects to externalnetworks) and exchange routes with these external networks. In someembodiments, the local manager configures the edge devices hosting theT0 SRs to advertise certain routes to the external network and to notadvertise others, as described further below. If there is only a singleegress datacenter for the T0 SR, then the T0 SR(s) in that datacenterwill learn routes from the external network via a routing protocol andcan then share these routes with the peer T0 SRs in the otherdatacenters.

When there are multiple datacenters available for egress, typically allof the T0 SRs will be configured with default routes that direct trafficto their respective external network connections. In addition, the T0SRs will learn routes for different network addresses from theirrespective external connections, and can share these routes with theirpeer T0 SRs in other datacenters so as to attract northbound traffic forwhich they are the optimal egress point.

In some embodiments, in order to handle this route exchange (between T0SR peers, between T1 SR peers (in certain cases), and between T0 SRs andtheir external network routers), the edge devices on which SRs areimplemented execute a routing protocol application (e.g., a BGP or OSPFapplication). The routing protocol application establishes routingprotocol sessions with the routing protocol applications on other edgedevices implementing peer SRs as well as with any external networkrouter(s). In some embodiments, each routing protocol session uses adifferent routing table (e.g., a virtual routing and forwarding table(VRF)) for each routing protocol session. For T1 SRs, some embodimentsuse the routing protocol session primarily to notify the other peer T1SRs that a given T1 SR is the primary SR for the T1 logical router. Forexample, when the primary datacenter is changed or failover occurs suchthat the (previous) standby T1 SR in the primary datacenter becomes theactive primary T1 SR, the new primary T1 SR sends out a routing protocolmessage indicating that it is the new T1 SR and default routes for theother T1 SR peers should be directed to it.

In some embodiments, the routing protocol application uses two differentVRFs for route exchange for a given T0 SR. First, each T0 SR has adatapath VRF that is used by the datapath on the edge device forprocessing data messages sent to the T0 SR. In some embodiments, therouting protocol application uses this datapath VRF for route exchangewith the external network router(s). Routes for any prefixes identifiedfor advertisement to the external networks are used by the datapath toimplement the T0 SR, and the routing protocol application advertisesthese routes to the external networks. In addition, routes received fromthe external network via routing protocol messages are automaticallyadded to the datapath VRF for use implementing the T0 SR.

In addition, in some embodiments, the routing protocol application isconfigured to import routes from the datapath VRF to a second VRF(referred to as the control VRF). The control VRF is used by the routingprotocol application for the routing protocol sessions with other SRsfor the same T0 logical router. Thus, any routes learned from thesession with an external network router at a first T0 SR can be sharedvia the control VRF to all of the other T0 SRs. When the routingprotocol application receives a route from a peer T0 SR, in someembodiments the application adds this route to the datapath VRF for theT0 SR on that edge device only so long as there is not already a betterroute in the datapath VRF for the same prefix (i.e., a route with ashorter administrative distance). On the other hand, whenprimary/secondary T0 SRs are configured, the routing protocolapplication at the secondary T0 SR adds routes learned from the primarypeer T0 SR to the datapath VRF in place of routes learned locally froman external network router in some embodiments.

It should be noted that while the above description regarding use ofboth a datapath VRF and a control VRF refers to a T0 SR that isstretched across multiple federated datacenters, in some embodiments theconcepts also apply to logical routers generically (i.e., any logicalrouter that has centralized routing components which share routes witheach other as well as with an external network or other logicalrouters). In addition, the use of both a datapath VRF and a control VRFapplies to logical routers (e.g., T0 logical routers) of logicalnetworks that are confined to a single datacenter. SRs of such logicalrouters may still have asymmetric connections to external networks andtherefore need to exchange routes with each other.

For edge devices on which multiple SRs are implemented (e.g., multipleT0 SRs), different embodiments may use a single control VRF or multiplecontrol VRFs. Using multiple control VRFs allows for the routes for eachSR to be kept separate, and only provided to other peer SRs via anexclusive routing protocol session. However, in a network with numerousSRs implemented on the same edge device and each SR peering with otherSRs in multiple other datacenters, this solution may not scale wellbecause numerous VRFs and numerous routing protocol sessions arerequired on each edge device.

Thus, some embodiments use a single control VRF on each edge device,with different datapath VRFs for each SR. When routes are imported froma datapath VRF to the control VRF, these embodiments add a tag or set oftags to the routes that identifies the T0 SR. For instance, someembodiments use multiprotocol BGP (MP-BGP) for the routing protocol anduse the associated route distinguishers and route targets as tags.Specifically, the tags both (i) ensure that all network addresses areunique (as different logical networks could have overlapping networkaddress spaces) and (ii) ensure that each route is exported to thecorrect edge devices and imported into the correct datapath VRFs.

In addition, some embodiments use additional tags on the routes toconvey user intent and determine whether or not to advertise routes inthe datapath VRF to external networks. For instance, some embodimentsuse BGP communities to tag routes. As described above, routes in thedatapath VRF for a given SR may be configured by the local manager,learned via route exchange with the external network router(s), andadded from the control VRF after route exchange with other SR peers.

Routes that a first T0 SR learns from route exchange will be importedinto the control VRF and thus shared with a second T0 SR in a differentdatacenter (and third T0 SR, etc.). However, while these routes may beadded to the datapath VRF for the second T0 SR, they should notnecessarily be advertised out to external networks by the second T0 SR,because the T0 SRs should not become a conduit for routing trafficbetween the external network at one datacenter and the external networkat another datacenter (i.e., traffic unrelated to the logical network).Accordingly, some embodiments apply a tag to these routes whenexchanging the routes with other T0 peers, so that these routes are notfurther advertised. Different tags are applied to routes that should beadvertised, to identify LB VIPs, NAT IPs, logical networks with publicnetwork address subnets, etc.

The preceding Summary is intended to serve as a brief introduction tosome embodiments of the invention. It is not meant to be an introductionor overview of all inventive subject matter disclosed in this document.The Detailed Description that follows and the Drawings that are referredto in the Detailed Description will further describe the embodimentsdescribed in the Summary as well as other embodiments. Accordingly, tounderstand all the embodiments described by this document, a full reviewof the Summary, Detailed Description and the Drawings is needed.Moreover, the claimed subject matters are not to be limited by theillustrative details in the Summary, Detailed Description and theDrawing, but rather are to be defined by the appended claims, becausethe claimed subject matters can be embodied in other specific formswithout departing from the spirit of the subject matters.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features of the invention are set forth in the appendedclaims. However, for purpose of explanation, several embodiments of theinvention are set forth in the following figures.

FIG. 1 conceptually illustrates a network management system of someembodiments.

FIG. 2 conceptually illustrates a simple example of a logical network200 of some embodiments.

FIG. 3 conceptually illustrates the logical network of FIG. 2 showingthe logical routing components of the logical routers as well as thevarious logical switches that connect to these logical components andthat connect the logical components to each other.

FIG. 4 conceptually illustrates three datacenters spanned by the logicalnetwork of FIG. 2 with the host computers and edge devices thatimplement the logical network.

FIG. 5 conceptually illustrates several of the computing devices in oneof the datacenters of FIG. 4 in greater detail.

FIG. 6 conceptually illustrates a process of some embodiments performedby an MFE upon receiving a data message from a source logical networkendpoint.

FIG. 7 conceptually illustrates a logical network and two datacenters inwhich that logical network is implemented.

FIG. 8 conceptually illustrates a VTEP:MAC mapping table stored by anMFE.

FIGS. 9-11 conceptually illustrate the processing of different datamessages between logical network endpoints through the datacenters ofFIG. 7 .

FIG. 12 conceptually illustrates a set of mapping tables of an edgedevice that implements the active logical network gateway for a logicalswitch.

FIG. 13 conceptually illustrates a process of some embodiments forprocessing a data message received by a logical network gateway from ahost computer within the same datacenter.

FIG. 14 conceptually illustrates a process of some embodiments forprocessing a data message received by a logical network gateway in onedatacenter from a logical network gateway in another datacenter.

FIGS. 15A-B conceptually illustrate the failover of a logical networkgateway according to some embodiments.

FIG. 16 conceptually illustrates an example of a logical network of someembodiments.

FIG. 17 conceptually illustrates the implementation of SRs for logicalrouters shown in FIG. 16 .

FIG. 18 conceptually illustrates the T1 SRs and T0 SRs implemented inthe three datacenters for the logical routers shown in FIG. 16 with theT0 SRs implemented in active-standby configuration.

FIG. 19 conceptually illustrates the T1 SRs and T0 SRs implemented inthe three datacenters for the logical routers shown in FIG. 16 with theT0 SRs implemented in active-active configuration.

FIG. 20 conceptually illustrates a more detailed view of the edgedevices hosting active SRs for a T0 logical router and a T1 logicalrouter.

FIG. 21 conceptually illustrates the logical forwarding processingapplied to an east-west data message sent from a first logical networkendpoint DCN behind a first T1 logical router to a second logicalnetwork endpoint DCN behind a second T1 logical router.

FIG. 22 conceptually illustrates the logical forwarding processingapplied to a northbound data message sent from the logical networkendpoint DCN1.

FIGS. 23 and 24 conceptually illustrate different examples of processingfor southbound data messages.

FIG. 25 conceptually illustrates a process of some embodiments forconfiguring the edge devices in a particular datacenter based on alogical network configuration.

FIG. 26 conceptually illustrates the routing architecture of an edgedevice of some embodiments.

FIGS. 27A-B conceptually illustrate the exchange of routes between twoedge devices.

FIG. 28 conceptually illustrates a similar exchange of routes, exceptthat in this case the datapath VRF in the second edge device already hasa route for the prefix.

FIG. 29 conceptually illustrates the routing architecture of an edgedevice of some embodiments.

FIGS. 30A-C conceptually illustrate the exchange of routes from the edgedevice of FIG. 29 to two other edge devices.

FIG. 31 conceptually illustrates a process of some embodiments fordetermining whether and how to add a route to a datapath VRF accordingto some embodiments.

FIG. 32 conceptually illustrates an electronic system with which someembodiments of the invention are implemented.

DETAILED DESCRIPTION

In the following detailed description of the invention, numerousdetails, examples, and embodiments of the invention are set forth anddescribed. However, it will be clear and apparent to one skilled in theart that the invention is not limited to the embodiments set forth andthat the invention may be practiced without some of the specific detailsand examples discussed.

Some embodiments provide a system for implementing a logical networkthat spans across multiple datacenters (e.g., in multiple differentgeographic regions). In some embodiments, a user (or multiple users)defines the logical network as a set of logical network elements (e.g.,logical switches, logical routers, logical middleboxes) and policies(e.g., forwarding policies, firewall policies, NAT rules, etc.). Thelogical forwarding elements (LFEs) may be implemented across some or allof the multiple datacenters, such that data traffic is transmitted (i)between logical network endpoints (e.g., data compute nodes (DCNs))within a datacenter, (ii) between logical network endpoints in twodifferent datacenters, and (iii) between logical network endpoints in adatacenter and endpoints external to the logical network (e.g., externalto the datacenters).

The logical network, in some embodiments, is a conceptual networkstructure that a network administrator (or multiple networkadministrators) define through a set of network managers. Specifically,some embodiments include a global manager as well as local managers foreach datacenter. FIG. 1 conceptually illustrates such a networkmanagement system 100 of some embodiments. This network managementsystem 100 includes a global manager 105 as well as local managers 110and 115 at each of two datacenters 120 and 125 that are spanned by thelogical network. The first datacenter 120 includes central controllers130 as well as host computers 135 and edge devices 140 in addition tothe local manager 110, while the second datacenter 125 includes centralcontrollers 145 as well as host computers 150 and edge devices 155 inaddition to the local manager 115.

In some embodiments, the network administrator(s) define the logicalnetwork to span a set of physical sites (in this case the twoillustrated datacenters 120 and 125) through the global manager 105. Inaddition, any logical network constructs (such as LFEs) that spanmultiple datacenters are defined through the global manager 105. Thisglobal manager, in different embodiments, may operate at one of thedatacenters (e.g., on the same machine or machines as the local managerat that site or on different machines than the local manager) or at adifferent site.

The global manager 105 provides data to the local managers at each ofthe sites spanned by the logical network (in this case, local managers110 and 115). In some embodiments, the global manager identifies, foreach logical network construct, the sites spanned by that construct, andonly provides information regarding the construct to the identifiedsites. Thus, security groups, logical routers, etc. that only span thefirst datacenter 120 will be provided to the local manager 110 and notto the local manager 115. In addition, LFEs (and other logical networkconstructs) that are exclusive to a site may be defined by a networkadministrator directly through the local manager at that site. Thelogical network configuration and the global and local network managersare described in greater detail in U.S. patent application Ser. No.16/906,944, filed Jun. 19, 2020, now issued as U.S. Pat. No. 11,088,916,which is incorporated herein by reference.

The local manager 110 or 115 at a given site (or a management planeapplication, which may be separate from the local manager) uses thelogical network configuration data received either from the globalmanager 105 or directly from a network administrator to generateconfiguration data for the host computers 135 and 150 and the edgedevices 140 and 155 (referred to collectively in the following ascomputing devices), which implement the logical network. The localmanagers provide this data to the central controllers 130 and 145, whichdetermine to which computing devices configuration data about eachlogical network construct should be provided. In some embodiments,different LFEs (and other constructs) span different computing devices,depending on which logical network endpoints operate on the hostcomputers 135 and 150 as well as to which edge devices various LFEconstructs are assigned (as described in greater detail below).

The central controllers 130 and 145, in addition to distributingconfiguration data to the computing devices, receive physical network tological network mapping data from the computing devices in someembodiments and share this information across datacenters. For instance,in some embodiments, the central controllers 130 retrieve tunnelendpoint to logical network address mapping data from the host computers135, and share this information (i) with the other host computers 135and the edge devices 140 in the first datacenter 120 and (ii) with thecentral controllers 145 in the second datacenter 125 (so that thecentral controllers 145 can share this data with the host computers 150and/or the edge devices 155). Further information regarding thesemappings, their use, and distribution is described below.

The logical network of some embodiments may include both logicalswitches (to which logical network DCNs attach) and logical routers.Each LFE (e.g., logical switch or logical router) is implemented acrossone or more datacenters, depending on how the LFE is defined by thenetwork administrator. In some embodiments, the LFEs are implementedwithin the datacenters by managed forwarding elements (MFEs) executingon host computers that also host DCNs of the logical network (e.g., withthe MFEs executing in virtualization software of the host computers)and/or on edge devices within the datacenters. The edge devices, in someembodiments, are computing devices that may be bare metal machinesexecuting a datapath and/or computers on which DCNs execute to adatapath. These datapaths, in some embodiments, perform various gatewayoperations (e.g., gateways for stretching logical switches acrossdatacenters, gateways for executing centralized features of logicalrouters such as performing stateful services and/or connecting toexternal networks).

FIG. 2 conceptually illustrates a simple example of a logical network200 of some embodiments. This logical network 200 includes a tier-0 (T0)logical router 205, a tier-1 (T1) logical router 210, and two logicalswitches 215 and 220. Though not shown, various logical networkendpoints (e.g., VMs, containers, or other DCNs) attach to logical portsof the logical switches 215 and 220. These logical network endpointsexecute on host computers in the datacenters spanned by the logicalswitches to which they attach. In this example, both the T0 logicalrouter and the T1 logical router are defined to have a span includingthree datacenters. In some embodiments, the logical switches 215 and 220inherit the span of the logical router 205 to which they connect.

As in this example, logical routers, in some embodiments, may include T0logical routers (e.g., router 205) that connect directly to externalnetworks and T1 logical routers (e.g., router 210) that segregate a setof logical switches from the rest of the logical network and may performstateful services for endpoints connected to those logical switches.These logical routers, in some embodiments, are defined by the networkmanagers to have one or more routing components, depending on how thelogical router has been configured by the network administrator.

FIG. 3 conceptually illustrates the logical network 200 showing thelogical routing components of the logical routers 205 and 210 as well asthe various logical switches that connect to these logical componentsand that connect the logical components to each other. As shown, the T1logical router 210 includes a distributed routing component (DR) 305 aswell as a set of centralized routing components (also referred to asservice routers, or SRs) 310-320. T1 logical routers, in someembodiments, may have only a DR, or may have both a DR as well as SRs.For T1 logical routers, SRs allow for centralized (e.g., stateful)services to be performed on data messages sent between (i) DCNsconnected to logical switches that connect to the T1 logical router and(ii) DCNs connected to other logical switches that do not connect to thetier-1 logical router or from external network endpoints. In thisexample, data messages sent to or from DCNs connected to logicalswitches 215 and 220 will have stateful services applied by one of theSRs 310-320 of the T1 logical router 210 (specifically, by the primarySR 315).

T1 logical routers may be connected to T0 logical routers in someembodiments (e.g., T1 logical router 210 connecting to T0 logical router205). These T0 logical routers, as mentioned, handle data messagesexchanged between the logical network DCNs and external networkendpoints. As shown, the T0 logical router 205 includes a DR 325 as wellas a set of SRs 330-340. In some embodiments, T0 logical routers includean SR (or multiple SRs) operating in each datacenter spanned by thelogical router. In some or all of these datacenters, the T0 SRs connectto external routers 341-343 (or to top of rack (TOR) switches thatprovide connections to external networks).

In addition to the logical switches 215 and 220 (which span all of thedatacenters spanned by the T1 DR 305), FIG. 3 also illustrates variousautomatically-defined logical switches. Within each datacenter, the T1DR 305 connects to its respective local T1 SR 310-320 via a respectivetransit logical switch 345-355. Similarly, within each datacenter, theT0 DR 325 connects to its respective local T0 SR 330-340 via arespective transit logical switch 360-370. In addition, a router linklogical switch 375 connects the primary T1 SR 315 (that performs thestateful services for the T1 logical router) to the T0 DR 325. In someembodiments, similar router link logical switches are defined for eachof the other datacenters but are marked as down.

Lastly, the network management system also defines backplane logicalswitches that connect each set of SRs. In this case, there is abackplane logical switch 380 connecting the three T1 SRs 310-320 and abackplane logical switch 385 connecting the three T0 SRs 330-340. Thesebackplane logical switches, unlike the transit logical switches, arestretched across the datacenters spanned by their respective logicalrouters. When one SR for a particular logical router routes a datamessage to another SR for the same logical router, the data message issent according to the appropriate backplane logical switch.

As mentioned, the LFEs of a logical network may be implemented by MFEsexecuting on source host computers as well as by the edge devices. FIG.4 conceptually illustrates the three datacenters 405-415 spanned by thelogical network 200 with the host computers 420 and edge devices 425that implement the logical network. VMs (in this example) or otherlogical network endpoint DCNs operate on the host computers 420, whichexecute virtualization software for hosting these VMs. Thevirtualization software, in some embodiments, includes the MFEs such asvirtual switches and/or virtual routers. In some embodiments, one MFE(e.g., a flow-based MFE) executes on each host computer 420 to implementmultiple LFEs, while in other embodiments multiple MFEs execute on eachhost computer 420 (e.g., one or more virtual switches and/or virtualrouters). In still other embodiments, different host computers executedifferent virtualization software with different types of MFEs. Withinthis application, “MFE” is used to represent the set of one or more MFEsthat execute on a host computer to implement LFEs of one or more logicalnetworks.

The edge devices 425, in some embodiments, execute datapaths (e.g., dataplane development kit (DPDK) datapaths) that implement one or more LFEs.In some embodiments, SRs of logical routers are assigned to edge devicesand implemented by these edge devices (the SRs are centralized, and thusnot distributed in the same manner as the DRs or logical switches). Thedatapaths of the edge devices 425 may execute in the primary operatingsystem of a bare metal computing device and/or execute within a VM orother DCN (that is not a logical network endpoint DCN) operating on theedge device, in different embodiments.

In some embodiments, as shown, the edge devices 425 connect thedatacenters to each other (and to external networks). In suchembodiments, the host computers 420 within a datacenter can send datamessages directly to each other, but send data messages to hostcomputers 420 in other datacenters via the edge devices 425. When asource DCN (e.g., a VM) in the first datacenter 405 sends a data messageto a destination DCN in the second datacenter 410, this data message isfirst processed by the MFE executing on the same host computer 420 asthe source VM, then by an edge device 425 in the first datacenter 405,then an edge device 425 in the second datacenter 410, and then by theMFE in the same host computer 420 as the destination DCN.

More specifically, when a logical network DCN sends a data message toanother logical network DCN, the MFE executing on the host computer atwhich the source DCN resides performs logical network processing. Insome embodiments, the source host computer MFE set (collectivelyreferred to herein as the source MFE) performs processing for as much ofthe logical network as possible (referred to as first-hop logicalprocessing). That is, the source MFE processes the data message throughthe logical network until either (i) the destination logical port forthe data message is determined or (ii) the data message is logicallyforwarded to an LFE for which the source MFE cannot perform processing(e.g., an SR of a logical router).

FIG. 5 conceptually illustrates several of the computing devices in oneof the datacenters 410 in greater detail and will be used to explaindata message processing between logical network endpoint DCNs in greaterdetail. As shown, the datacenter 410 includes a first host computer 505that hosts a VM 515 attached to the first logical switch 215 as well asa second host computer 510 that hosts a VM 520 attached to the secondlogical switch 220. In addition, an MFE (e.g., a set of virtual switchesand/or virtual routers) executes on each of the host computers 505 and510 (e.g., in virtualization software of the host computers). Both theMFE 525 as well as the MFE 530 are configured to implement each of thelogical switches 215 and 220, as well as the DR 305 of the T1 logicalrouter 210. Any further processing that is required (e.g., by the T1 SR315 or any component of the T0 logical router 205) requires sending adata message to at least the edge device 535.

This figure shows four edge devices 535-550, which execute datapaths555-570, respectively. The datapath 555 executing on the edge device 535is configured to implement the T1 SR 315, in addition to the logicalswitches 215 and 220, the T1 DR 305, and the T0 DR 325. The datapath 560executing on the edge device 540 is configured to implement the T0 SR335 in addition to the T0 DR 325. While not shown, each of thesedatapaths 555 and 560 is also configured to implement the relevantrouter link logical switches connecting to the logical routingcomponents that they implement, as well as the relevant backplanelogical switches 380 (for datapath 555) and 385 (for datapath 560). Itshould also be noted that, in some embodiments, the SRs are implementedin either active-standby mode (in which case one edge device in eachdatacenter implements an active SR and one edge device in eachdatacenter implements a standby SR) or in active-active mode (in whichone or more edge devices in each datacenter implement active SRs). Forthe sake of simplicity in this figure, only one edge device implementingeach SR is illustrated.

The datapath 565 of the third edge device 545 implements a logicalnetwork gateway for the first logical switch 215 and the datapath 570 ofthe fourth edge device 550 implements a logical network gateway for thesecond logical switch 220. These logical network gateways, as furtherdescribed below, handle data messages sent between logical networkendpoint DCNs in different datacenters. In some embodiments, for eachlogical switch that stretches across multiple datacenters in a federatednetwork, one or more logical network gateways (e.g., a pair ofactive-standby logical network gateways) are assigned for eachdatacenter spanned by the logical switch (e.g., by the local managers ofthose datacenters). The logical switches for which logical networkgateways are implemented may include administrator-defined logicalswitches to which logical network DCNs connect (e.g., logical switches215 and 220) as well as other types of logical switches (e.g., backplanelogical switches 380 and 385).

As an example of data message processing, if a VM 515 sends a datamessage to another VM attached to the same logical switch 215, then theMFE 525 (referred to for this data message as the source MFE) will onlyneed to perform logical processing for the logical switch to determinethe destination of the data message. If the VM 515 sends a data messageto another VM attached to the other logical switch 220 (e.g., the VM5250) that is connected to the same T1 logical router 210 as the logicalswitch 215, then the source MFE 525 performs logical processing for thefirst logical switch 215, the DR 305 of the logical router 210, and thesecond logical switch 220 to determine the destination of the datamessage.

On the other hand, if the VM 515 sends a data message to a logicalnetwork endpoint DCN on a second logical switch that is connected to adifferent T1 logical router (not shown in FIGS. 2 and 3 ), then thesource MFE 525 only performs logical processing for the first logicalswitch, the T1 DR 305 (which routes the data message to the T1 SR 315 inthat datacenter), and the transit logical switch 350 connecting the T1DR to the T1 SR within the datacenter. The MFE 525 transmits the datamessage to the edge device 535, and this datapath performs additionallogical processing, depending on the destination and the logical networkconfiguration. This processing is described in greater detail below.

For data messages that are not sent to the SRs, once the source MFEidentifies the destination (e.g., a destination logical port on aparticular logical switch), this source MFE transmits the data messageto the physical location for that destination. In some embodiments, thesource MFE maps the combination of (i) the destination layer 2 (L2)address (e.g., MAC address) of the data message and (ii) the logicalswitch being processed to which that L2 address attaches to a tunnelendpoint or group of tunnel endpoints. This allows the source MFE toencapsulate the data message and transmit the data message to thedestination tunnel endpoint. Specifically, if the destination DCNoperates on a host computer located within the same datacenter, thesource MFE can transmit the data message directly to that host computerby encapsulating the data message using a destination tunnel endpointaddress corresponding to the host computer. For example, if the VM 515sends a data message to the VM 520, the source MFE 525 would performlogical processing for the logical switch 215, the T1 DR 305, and thelogical switch 220. Based on this logical switch and the destination MACaddress of VM 520, the source MFE 525 would tunnel the data message tothe MFE 530 on host computer 510. This MFE 530 would then perform anyadditional processing for the logical switch 220 to deliver the datamessage to the destination VM 520.

On the other hand, if the source MFE executes on a first host computerin a first datacenter and the destination DCN operates on a second hostcomputer in a second, different datacenter, in some embodiments the datamessage is transmitted (i) from the source MFE to a first logicalnetwork gateway in the first datacenter, (ii) from the first logicalnetwork gateway to a second logical network gateway in the seconddatacenter, and (iii) from the second logical network gateway to adestination MFE executing on the second host computer. The destinationMFE can then deliver the data message to the destination DCN.

In the example of FIG. 5 , if the VM 515 sent a data message to a VMattached to the same logical switch 215 in a different datacenter, thenthe source MFE 525 would tunnel this data message to the edge device 545for processing according to the logical network gateway for logicalswitch 215 implemented by the datapath 565. On the other hand, if the VM515 sent a data message to a VM attached to the logical switch 220 in adifferent datacenter, then the source MFE 525 would tunnel this datamessage to the edge device 550 for processing according to the logicalnetwork gateway for logical switch 220 implemented by the datapath 570.

FIG. 6 conceptually illustrates a process 600 of some embodimentsperformed by an MFE upon receiving a data message from a source logicalnetwork endpoint (a “source MFE”). The process 600 will be described inpart by reference to FIGS. 7-11 . FIG. 7 conceptually illustrates alogical network 700 and two datacenters 705 and 710 in which thatlogical network is implemented. FIG. 8 conceptually illustrates aVTEP:MAC mapping table stored by one of the MFEs shown in FIG. 7 , whileFIGS. 9-11 conceptually illustrate the processing of different datamessages between logical network endpoints through the datacenters 705and 710.

As shown, the process 600 begins by receiving (at 605) a data messagefrom a source DCN (i.e., a logical network endpoint) that is addressedto another DCN of the logical network. This description specificallyrelates to data messages sent between logical network endpoints that arebehind the same T1 logical router (i.e., that do not require anyprocessing by SRs). Data message transmission that includes SRs isdescribed in greater detail below. In addition, it should be noted thatthis assumes that no Address Resolution Protocol (ARP) messages arerequired, either by the VM or by any logical router processing.

Next, the process 600 performs (at 610) logical processing to identify(i) the destination MAC address and (ii) the logical switch to which thedestination MAC address attaches. As described above, the source MFEwill first perform processing according to the logical switch to whichthe source VM connects. If the destination MAC address corresponds toanother DCN connected to same logical switch, then this is the onlylogical processing required. On the other hand, if the destination MACaddress corresponds to a T1 logical router interface, then the logicalswitch processing will logically forward the data message to the T1 DR(e.g., to a distributed virtual router executing on the same hostcomputer), which routes the data message based on its destinationnetwork address (e.g., destination IP address). The T1 DR processingalso modifies the MAC addresses of the data message so that thedestination address corresponds to the destination IP address (onlyusing ARP if this mapping is not already known). Based on this routing,the next logical switch is also identified, and logical switchprocessing is also performed by the MFE of the host computer. Thislogical switch processing identifies the destination logical port forthe data message, in some embodiments.

The process 600 then determines (at 615) whether the destination of thedata message is located in the same datacenter as the source DCN. Itshould be noted that the process 600 is a conceptual process, and thatin some embodiments the source MFE does not make an explicitdetermination. Rather, the source MFE, using the context of the logicalswitch to which the destination MAC address attaches, maps that MACaddress to either a specific VTEP (when the destination is in the samedatacenter) or a group of VTEPs (when the destination is in a differentdatacenter). Thus, if the destination is in the same datacenter as thesource DCN, the process 600 identifies (at 620) a VTEP address to whichthe destination MAC address of the data message maps, in the context ofthe logical switch.

On the other hand, if the destination is in a different datacenter thanthe source DCN, the process 600 identifies (at 625) a VTEP group for thelogical network gateways for the identified logical switch (to which thedestination MAC address attaches) within the current datacenter. Inaddition, as this VTEP group may be a list of multiple VTEPs, theprocess 600 selects (at 630) one of the VTEP addresses from theidentified VTEP group. In some embodiments, the logical network gatewaysfor a given logical switch are implemented in active-standbyconfiguration, in which case this selection is based on identificationof the VTEP for the active logical network gateway (e.g., in the VTEPgroup record). In other embodiments, the logical network gateways for agiven logical switch are implemented in active-active configuration, inwhich case the selection may be based on a load-balancing algorithm(e.g., using a hash-based selection, round-robin load balancing, etc.).

As mentioned, FIG. 7 conceptually illustrates a logical network 700 andtwo datacenters 705 and 710 in which that logical network isimplemented. The logical network 700 includes a T1 logical router 715that links two logical switches 720 and 725. Two VMs (w/MAC addresses Aand B) connect to the first logical switch 720 and three VMs (w/MACaddresses C, D, and E) connect to the second logical switch 725. Asshown, VM1 and VM3 operate in the first datacenter 705, on hostcomputers 706 and 707, respectively; VM2 and VM4 operate in the seconddatacenter 710, on host computers 711 and 712, respectively. VM5operates in a third datacenter, which is not shown in this figure.

As mentioned, for a given logical switch, some embodiments implement thelogical network gateways in active-standby configuration. That is, ineach datacenter spanned by the logical switch, an active logical networkgateway is assigned to one edge device and one or more standby logicalnetwork gateways are assigned to additional edge devices. The activelogical network gateways handle all of the inter-site data traffic forthe logical switch, except in the case of failover. In otherembodiments, the logical network gateways for the logical switch areimplemented in active-active configuration. In this configuration, allof the logical network gateways in a particular datacenter are capableof handling inter-site data traffic for the logical switch.

In the example of FIG. 7 , the logical network gateways are implementedin active-standby configuration. As shown, the figure illustrates fouredge devices 730-745 in the first datacenter 705 and four edge devices750-765 in the second datacenter 710. In the first datacenter 705, theedge device 730 implements the active logical network gateway for thefirst logical switch 720 while the edge device 735 implements thestandby logical network gateway for the first logical switch 720; theedge device 740 implements the active logical network gateway for thesecond logical switch 725 while the edge device 745 implements thestandby logical network gateway for the second logical switch 725. Inthe second datacenter 710, the edge device 750 implements the activelogical network gateway for the first logical switch 720 while the edgedevice 755 implements the standby logical network gateway for the firstlogical switch 720; the edge device 760 implements the active logicalnetwork gateway for the second logical switch 725 while the edge device765 implements the standby logical network gateway for the secondlogical switch 725.

For each logical switch, the logical network gateways form a mesh insome embodiments (i.e., the logical network gateways for the logicalswitch in each datacenter can directly transmit data messages to thelogical network gateways for the logical switch in each otherdatacenter). In some embodiments, irrespective of whether the logicalnetwork gateways are implemented in active-standby or active-activemode, the logical network gateways for a logical switch in a firstdatacenter establish communication with all of the other logical networkgateways in the other datacenters (both active and standby logicalnetwork gateways). As shown, the edge devices 730 and 735 implementingthe logical network gateways for the first logical switch 720 in thefirst datacenter 705 each connect to both of the edge devices 750 and755 implementing the logical network gateways for the first logicalswitch 720 in the second datacenter 710. Similarly, the edge devices 740and 745 implementing the logical network gateways for the second logicalswitch 725 in the first datacenter 705 each connect to both of the edgedevices 760 and 765 implementing the logical network gateways for thesecond logical switch 725 in the second datacenter 710. Though the thirddatacenter (where VM5 operates) is not shown in the figure, each ofthese sets of edge devices would also have connections to the edgedevices in the third datacenter that implement the logical networkgateways for the corresponding logical switches. As shown, in someembodiments the edge devices connect through an intervening network 770.This intervening network through which data messages are transmittedbetween the edge devices may be a virtual private network (VPN), widearea network (WAN), or public network, in different embodiments.

In other embodiments, rather than a full mesh, the logical networkgateways use a hub-and-spoke model of communication. In suchembodiments, traffic is forwarded through a central (hub) logicalnetwork gateway in a particular datacenter, even if neither the sourcenor destination of a specific data message resides in that particulardatacenter. In this case, traffic from a first datacenter to a seconddatacenter (neither of which is the central logical network gateway forthe relevant logical switch) is sent from the source MFE, to the logicalnetwork gateway for the logical switch in the first datacenter, to thecentral logical network gateway for the logical switch, to the logicalnetwork gateway for the logical switch in the second datacenter, to thedestination MFE.

Regarding the operations of the source MFE for a data message describedin the process 600 (e.g., the operations to identify a VTEP address orgroup), FIG. 8 conceptually illustrates a set of mapping tables 805 and810 for an MFE 800 executing on the host computer 706 and to which VM1connects. These mapping tables map each of the MAC addresses connectedto the logical switches 720 and 725 (other than that of VM1, whichoperates on the host 706) to VTEP IP addresses. It should be noted thatthe MFE 800 stores mapping tables for the context of any logical switchthat might be required, not just those to which DCNs on the hostcomputer 706 attach. Because VM1 can transmit data messages to DCNsconnected to the second logical switch 725 that do not requireprocessing by any SRs, the central controllers of some embodiments pushthe MAC: VTEP records for the second logical switch 725 to the MFE 800.In some embodiments, because different logical networks within adatacenter may use overlapping MAC addresses, separate tables are storedfor each logical switch (as the MAC address is only necessarily uniquein the context of the logical switch).

For data messages sent within a single datacenter, the source MFE usesrecords that map a single VTEP network address to one or more MACaddresses (of logical network DCNs) that are reachable via that VTEP.Thus, if a VM or other DCN having a particular MAC address resides on aparticular host computer, the record for the VTEP associated with thatparticular host computer maps to the particular MAC address. Forexample, in the mapping table 810 for logical switch 725, MAC address C(for VM3) is mapped to the VTEP IP address K, corresponding to the MFEoperating on host computer 707. If multiple VMs attached to the logicalswitch 725 operated on the host computer 707, then some embodimentswould use this one record to map multiple MAC addresses to the VTEP IPaddress K.

In addition, for each logical switch for which an MFE processes datamessages and that is stretched to multiple datacenters, in someembodiments the MFE stores an additional VTEP group record for thelogical switch that enables the MFE to encapsulate data messages to besent to the logical network gateway(s) for the logical switch in thedatacenter. The VTEP group record, in some embodiments, maps a set oftwo or more VTEPs (of the logical network gateways) to all MAC addressesconnected to the logical switch that are located in any otherdatacenter. Thus, for example, in the mapping table 805, the MAC addressB (for VM2, which operates in the second datacenter 710) maps to theVTEP group with IP addresses V and U for the edge devices 730 and 735that implement the logical network gateways for the first logical switch720. Similarly, in the mapping table 810, the MAC addresses D and E (forVM4 operating in the second datacenter 710 and VM5 operating in thethird datacenter) map to the VTEP group with IP addresses T and S forthe edge devices 740 and 745 that implement the logical network gatewaysfor the second logical switch 725.

The VTEP group records also indicate which of the VTEP IPs in the recordcorresponds to the active logical network gateway, so that the MFE 800can select this IP address for data messages to be sent to any of theVMs in the second and third datacenters. In the active-active case, allof the VTEP IP addresses are marked as active and the MFE uses aselection mechanism to select between them. Some embodiments use a loadbalancing operation (e.g., a round-robin algorithm, a deterministichash-based algorithm, etc.) to select one of the IP addresses from theVTEP group record.

The use of logical network gateways and VTEP groups allows for manylogical switches to be stretched across multiple datacenters without thenumber of tunnels (and therefore VTEP records stored at each MFE)exploding. Rather than needing to store a record for every host computerin every datacenter on which at least one DCN resides for a logicalswitch, all of the MAC addresses residing outside of the datacenter areaggregated into a single record that maps to a group of logical networkgateway VTEPs.

Returning to FIG. 6 , after identifying the VTEP address, the process600 identifies (at 635) the virtual network identifier (VNI)corresponding to the logical switch to which the destination MAC addressattaches that is used within the datacenter. In some embodiments, thelocal manager at each datacenter manages a separate pool of VNIs for itsdatacenter, and the global manager manages a separate pool of VNIs forthe network between logical network gateways. These pools may beexclusive or overlapping, as they are separately managed without anyneed for reconciliation. This enables a datacenter to be added to afederated group of datacenters without a need to modify the VNIs usedwithin the newly added datacenter. In some embodiments, the MFEs storedata indicating the VNIs within their respective datacenters for eachlogical switch they process.

Next, the process 600 encapsulates (at 640) the data message using theVTEP address identified at 620 or selected at 630, as well as theidentified VNI. In some embodiments, the source MFE encapsulates thedata message with a tunnel header (e.g., using VXLAN, Geneve, NGVRE,STT, etc.). Specifically, the tunnel header includes (i) a source VTEPIP address (that of the source MFE), (ii) a destination VTEP IP address,and (iii) the VNI (in addition to other fields, such as source anddestination MAC address, encapsulation format specific fields, etc.).

Finally, the process 600 transmits (at 645) the encapsulated datamessage to the datacenter network, so that it can be delivered to thedestination tunnel endpoint (e.g., the destination host computer for thedata message or the logical network gateway, depending on whether thedestination is located in the same datacenter as the source. The process600 then ends.

FIGS. 9-11 conceptually illustrate examples of data messages between theVMs shown in FIG. 7 , which show (i) the use of different VNIs indifferent datacenters for the same logical switch, and (ii) the use oflogical network gateways. Specifically, FIG. 9 illustrates a datamessage 900 sent from VM1 to VM3. As shown, VM1 initially sends the datamessage 900 to the MFE 800. This initial data message would have thesource MAC and IP address for VM1, as well as the destination IP addressfor VM3. Assuming ARP is not required, the destination MAC is that ofthe logical port of the logical switch 720 that connects to the logicalrouter 715. As the IP address should not be changed during transmission,the data message is throughout the figure as having a source of VM1 anddestination of VM3. In addition, the data message 900 would includeother header information as well as a payload, which are not shown inthe figure.

The MFE 800 processes the data message according to the first logicalswitch 720, the logical router 715, and the second logical switch 725.At this point, the destination MAC address is that of VM3, which maps tothe VTEP IP address K for the MFE 905. Thus, as shown, the MFE transmitsthrough the first datacenter 705 an encapsulated data message 910. Thisencapsulated data message 910, as shown, includes the VNI for thelogical switch 725 (LS_B) in the first datacenter 705 (DC_1), as well assource and destination VTEP IP addresses for the MFEs 800 and 905. TheMFE 905 decapsulates this data message 910, using the VNI to identifythe logical switch context for the underlying data message 915 (modifiedat least from the original data message 900 in that the MAC addressesare different), and delivers this underlying data message 915 to thedestination VM3.

For a data message between DCNs in two datacenters, as described, thesource MFE identifies the logical switch to which the destination DCNattaches (which may not be the same as the logical switch to which thesource DCN attaches) and transmits the data message to the logicalnetwork gateway for that logical switch in its datacenter. That logicalnetwork gateway transmits the data message to the logical networkgateway for the logical switch in the destination datacenter, whichtransmits the data message to the destination MFE. In some embodiments,each of these three transmitters (source MFE, first logical networkgateway, second logical network gateway) encapsulates the data messagewith a different tunnel header (e.g., using VXLAN, Geneve, NGVRE, STT,etc.). Specifically, each tunnel header includes (i) a source tunnelendpoint address, (ii) a destination tunnel endpoint address, and (iii)a virtual network identifier (VNI).

FIGS. 10 and 11 conceptually illustrate examples of data messagesbetween VMs in two different datacenters. FIG. 10 specificallyillustrates a data message 1000 sent from VM1 to VM2, both of whichconnect to the same logical switch 720. As shown, VM1 initially sendsthe data message 1000 to the MFE 800. This initial data message wouldhave the source MAC and IP address for VM1, as well as for VM3. Inaddition, the data message 1000 would include other header informationas well as a payload, which are not shown in the figure. The MFE 800processes the data message according to the first logical switch 720,identifies that the destination MAC address B corresponds to a logicalport on that logical switch, and maps the MAC address B to the VTEPgroup {V, U} for the logical network gateways for logical switch 720 inthe first datacenter 705 (selecting the VTEP V for the active logicalnetwork gateway), encapsulates the data message 1000, and transmits theencapsulated data message 1005 through the physical network of the firstdatacenter 705 to the edge device 730.

This encapsulated data message 1005, as shown, includes the VNI for thelogical switch 720 (LS_A) in the first datacenter 705 (DC_1), as well assource and destination VTEP IP addresses for the MFE 800 and edge device730. The logical network gateways perform VNI translation in someembodiments. The edge device 730 receives the encapsulated data message1005 and executes a datapath processing pipeline stage for the logicalnetwork gateway based on the receipt of the encapsulated data message ata particular interface and the VNI (LS_A DC_1) in the tunnel header ofthe encapsulated data message 1005.

The logical network gateway in the first datacenter 705 uses thedestination address of the data message (the underlying logical networkdata message 1000, not the destination address in the tunnel header) todetermine that the data message should be sent to the second datacenter710, and re-encapsulates the data message with a new tunnel header thatincludes a second, different VNI (LS_A Global) for the logical switch720 used within the inter-site network 770, as managed by the globalnetwork manager. As shown, the edge device 730 transmits a secondencapsulated data message 1010 to the logical network gateway for thelogical switch 720 within the second datacenter 710, based on datamapping MAC addresses to different tunnel endpoint IP addresses forlogical network gateways in different datacenters. These remote tunnelendpoints (RTEPs) and RTEP groups will be described in greater detailbelow. This second encapsulated data message 1010 is sent through theintervening network 770 between the datacenter edge devices to the edgedevice 750 implementing the logical network gateway for the logicalswitch 720 within the second datacenter 710. It should be noted thatwhile the first encapsulated data message 1005 shows a destination IPaddress V and the second encapsulated data message 1010 shows a sourceIP address V, these may actually be different IP addresses. That is, theVTEP IP addresses will typically be different than the RTEP IP addressesfor a particular edge device (as they are different interfaces). In someembodiments, the VTEP IP addresses can be private IP addresses that neednot be routable, whereas the RTEP IP addresses must be routable (thoughnot necessarily public IP addresses).

The edge device 750 receives the encapsulated data message 1010 andexecutes a datapath processing pipeline stage (similar to that executedby the first edge device) for the logical network gateway based on thereceipt of the data message at a particular interface and the VNI (LS_AGlobal) in the tunnel header of the encapsulated data message 1010. Thelogical network gateway in the second datacenter 710 uses thedestination address of the underlying logical network data message 1000to determine the destination host computer for the data message withinthe second datacenter 710 and re-encapsulates the data message with athird tunnel header that includes a third VNI. This third VNI (LS_ADC_2) is the VNI for the logical switch 720 used within the seconddatacenter 710, as managed by the local network manager for the seconddatacenter. The re-encapsulated data message 1015 is sent through thephysical network of the second datacenter 710 to the MFE 1020 at thedestination host computer 711. Finally, this MFE 1020 uses the VNI (LS_ADC_2) and destination address of the underlying data message 1000 todeliver the data message to VM2.

FIG. 11 illustrates a data message 1100 sent from VM1 to VM4. As shown,VM1 initially sends the data message 1100 to the MFE 800. This initialdata message would have the source MAC and IP address for VM1, as wellas for VM3. This initial data message would have the source MAC and IPaddress for VM1, as well as the destination IP address for VM3 and thedestination MAC address for the logical port of the logical switch 720that connects to the logical router 715. In addition, the data message1100 would include other header information as well as a payload, whichare not shown in the figure.

The MFE 800 processes the data message according to the first logicalswitch 720, the logical router 715, and the second logical switch 725.At this point, the destination MAC address is that of VM4, which maps tothe VTEP group {T, S} for the logical network gateways for logicalswitch 725 in the first datacenter 705. The MFE 800 selects the VTEP Tfor the active logical network gateway, encapsulates the data message1100, and transmits the encapsulated data message 1105 through thephysical network of the first datacenter 705 to the edge device 740.

This encapsulated data message 1105, as shown, includes the VNI for thelogical switch 725 (LS_B) in the first datacenter 705 (DC_1), as well assource and destination VTEP IP addresses for the MFE 800 and edge device740. The logical network gateways perform VNI translation in someembodiments. The edge device 740 receives the encapsulated data message1105 and executes a datapath processing pipeline stage for the logicalnetwork gateway based on the receipt of the encapsulated data message ata particular interface and the VNI (LS_B DC_1) in the tunnel header ofthe encapsulated data message 1105.

The logical network gateway in the first datacenter 705 uses thedestination address of the data message (the underlying logical networkdata message with destination MAC address D, not the destination addressin the tunnel header) to determine that the data message should be sentto the second datacenter 710, and re-encapsulates the data message witha new tunnel header that includes a second, different VNI (LS_B Global)for the logical switch 725 used within the inter-site network 770, asmanaged by the global network manager. This VNI is required to bedifferent from LS_A Global, but may overlap with the VNIs used foreither of the logical switches within any of the datacenters. As shown,the edge device 740 transmits a second encapsulated data message 1110 tothe logical network gateway for the logical switch 725 within the seconddatacenter 710, based on data mapping MAC addresses to different tunnelendpoint IP addresses for logical network gateways in differentdatacenters. This second encapsulated data message 1110 is sent throughthe intervening network 770 between the datacenter edge devices to theedge device 760 implementing the logical network gateway for the logicalswitch 725 within the second datacenter 710.

The edge device 760 receives the encapsulated data message 1110 andexecutes a datapath processing pipeline stage (similar to that executedby the first edge device) for the logical network gateway based on thereceipt of the data message at a particular interface and the VNI (LS_BGlobal) in the tunnel header of the encapsulated data message 1110. Thelogical network gateway in the second datacenter 710 uses thedestination address of the underlying logical network data message todetermine the destination host computer for the data message within thesecond datacenter 710 and re-encapsulates the data message with a thirdtunnel header that includes a third VNI. This third VNI (LS_B DC_2) isthe VNI for the logical switch 725 used within the second datacenter710, as managed by the local network manager for the second datacenter.This VNI is required to be different from LS_A DC 2, but may overlapwith the VNIs used for either of the logical switches within theintervening network or any of the other datacenters. The re-encapsulateddata message 1115 is sent through the physical network of the seconddatacenter 710 to the MFE 1120 at the destination host computer 712.Finally, this MFE 1120 uses the VNI (LS_B DC_2) and destination MACaddress D of the underlying data message 1125 (as modified by the sourceMFE 800) to deliver the data message to VM2.

As indicated in the figures above, the edge devices hosting logicalnetwork gateways have VTEPs that face the host computers of theirdatacenter (which are used in the VTEP groups stored by the hostcomputers). In addition, the edge devices of some embodiments also haveseparate tunnel endpoints (e.g., corresponding to different interfaces)that face the inter-datacenter network for communication with other edgedevices at other datacenters. These tunnel endpoints are referred toherein as remote tunnel endpoints (RTEPs). In some embodiments, eachlogical network gateway implemented within a particular datacenterstores (i) VTEP records for determining destination tunnel endpointswithin the particular datacenter when processing data messages receivedfrom other logical network gateways (i.e., via the RTEPs) as well as(ii) RTEP group records for determining destination tunnel endpoints fordata messages received from within the particular datacenter.

FIG. 12 conceptually illustrates a set of mapping tables 1205 and 1210of the edge device 740 shown in FIG. 7 , which implements the activelogical network gateway for the logical switch 725. Both mapping tables1205 and 1210 map MAC addresses associated with the second logicalswitch 725 to tunnel endpoint IP addresses. In some embodiments, thedatapath on the edge device uses the first table 1205 for data messagesreceived via its RTEP and associated with the second logical switch 725(i.e., data messages associated with the VNI LS_B Global). In someembodiments, the edge device might host logical network gateways forother logical switches, and the VNI indicates which logical networkgateway stage the datapath executes for a data message. This first table1205 maps MAC addresses for logical network endpoint DCNs operating inthe datacenter of the logical network gateway to VTEP IPs (i.e., for theMFE on the same host computer as the DCN).

The datapath on the edge device 740 uses the second table 1210 for datamessages received via its VTEP (i.e., from host computers within thedatacenter 705) and associated with the second logical switch 725 (i.e.,data messages associated with the VNI LS_B DC_1). This second table mapsMAC addresses for logical network endpoint DCNs operating in otherdatacenters to groups of RTEP IP addresses for logical network gatewaysin each of those other datacenters. In this case, VM4 is located in thesecond datacenter 710, so its MAC address D maps to RTEP IP addresses Yand Z for edge devices 760 and 765. Similarly, because VM5 operates in athird datacenter, so its MAC address E maps to RTEP IP addresses Q and Rfor the edge devices implementing logical network gateways in thatdatacenter for the logical switch 725. As with the VTEP group shown inFIG. 8 , one of these RTEP IP addresses in each group is marked asactive in the active-standby case. When the logical network gatewaysoperate in active-active configuration, all of the RTEP IP addresses inthe group are marked as active and the datapath uses load balancing oranother selection mechanism to choose among the multiple RTEP IPaddresses.

To populate the tables shown in FIGS. 8 and 12 , in some embodiments thecentral control plane (CCP) cluster in a datacenter receives mappingsfrom the host computers and pushes these to the mappings to the relevantother host computers. For instance, the MFE on host computer 706 pushesto the CCP a mapping between MAC address A (for VM1) and its VTEP IPaddress J. Within the first datacenter 705, the CCP pushes this MAC toVTEP IP mapping to (i) the MFE executing on host computer 707, as wellas to the edge devices 730 and 735 implementing logical network gatewaysfor the logical switch 720 to which the MAC address attaches.

In addition, the CCP cluster in the first datacenter 705 shares thisinformation with the CCP clusters in the second and third datacenters.In some embodiments, the CCP cluster shares this mapping information asmapping all of the MAC addresses in the datacenter attached to thelogical switch 720 to the RTEP IP addresses for the edge devices 730 and735 that face the inter-datacenter network 770. The CCP cluster in agiven datacenter pushes (i) to the logical network gateways in thedatacenter, records mapping MAC addresses attached to a particularlogical switch and located in particular other datacenters to therespective RTEP IP addresses (i.e., to the RTEP group) for the logicalnetwork gateways for the particular logical switch located in thoseparticular other datacenters, and (ii) to the host computers in thedatacenter on which logical network endpoint DCNs operate that may senddata messages to DCNs attached to the particular logical switch withoutrequiring processing by any SRs, a record mapping MAC addresses attachedto the particular logical switch and located in any of the otherdatacenters to the VTEP IP addresses (i.e., to the VTEP group) for thelogical network gateways for the particular logical switch located inthe datacenter. Thus, the CCP cluster in the second datacenter 710pushes (i) the data shown in the table 1205 based on informationreceived from the host computers in the datacenter 710 and (ii) the datashown in the table 1210 based on information received from the CCPclusters in the other datacenters.

In some embodiments, in addition to learning this MAC address to tunnelendpoint mapping data through the CCP clusters, the MFEs and edgedevices can also learn the mapping data through ARP. When no mappingrecord is available for a forwarding element that needs to transmit anencapsulated data message, that forwarding element will send an ARPrequest. Typically, a source DCN (e.g., a VM) will send an ARP requestif that DCN does not have a MAC address for a destination IP address(e.g., of another logical network endpoint DCN). If the MFE on thesource host has this information, it proxies the ARP request andprovides the MAC address to the source DCN. If the source MFE does nothave the data, then it broadcasts the ARP request to (i) all MFEs in thedatacenter that participate in the logical switch to which the IPaddress belongs (e.g., that participate in a multicast group definedwithin the datacenter for the logical switch) and (ii) the logicalnetwork gateways for the logical switch within the datacenter.

If the destination DCN is located in the datacenter, then the source MFEwill receive an ARP reply with the MAC address of the destination DCN.This ARP reply will be encapsulated (as with the ARP request), andtherefore the source MFE can learn the MAC to VTEP mapping if thisrecord is not already in its mapping table.

If the destination DCN is located in another datacenter, then thelogical network gateway processes the ARP request. If the logicalnetwork gateway stores the ARP record, it proxies the request and sendsa reply, which allows the source MFE to learn that the MAC address isbehind the VTEP group of the logical network gateway if this informationis not already in the VTEP group record. If the logical network gatewaydoes not store the ARP record, it broadcasts the ARP request to thelogical network gateways at all of the other datacenters spanned by thelogical switch. These logical network gateways proxy the request andreply (if they have the information) or broadcast the request withintheir respective datacenters to the MFEs that participate in the logicalswitch (if they do not have the information). If a logical networkgateway replies, this reply is encapsulated and allows the logicalnetwork gateway that sent the inter-datacenter request to learn that theMAC address is behind that particular logical network gateway and addthe information to its RTEP group record (if that data is not already).

If an MFE receives an ARP request from a logical network gateway, thatMFE sends an encapsulated reply to the logical network gateway, therebyallowing the logical network gateway to learn the MAC address to RTEPgroup mapping. This reply is then sent back each stage of thetransmission chain, allowing the other logical network gateway and thesource MFE to learn the mapping. That is, each stage that forwarded theARP request learns (i) the ARP record mapping the DCN IP address to theDCN MAC address (so that future ARP requests for that IP address can beproxied), as well as (ii) the record mapping the DCN MAC address to arelevant tunnel endpoint.

FIG. 13 conceptually illustrates a process 1300 of some embodiments forprocessing a data message received by a logical network gateway from ahost computer within the same datacenter. The process 1300 is performed,in some embodiments, by an edge device that implements the logicalnetwork gateway. As shown, the process 1300 begins by receiving (at1305) a data message at a VTEP of the edge device. In some embodiments,this causes the edge device datapath to execute a specific stage forprocessing data messages received at the VTEP.

The process 1300 decapsulates (at 1310) the received data message toidentify the VNI stored in the encapsulation header. In someembodiments, the datapath stage executed for data messages received atthe VTEP stores a table that maps VNIs used within the datacenter tological switches for which the edge device implements a logical networkgateway. As described above, the local manager for the datacentermanages these VNIs and ensures that all of the VNIs are unique withinthe datacenter.

The process 1300 then determines (at 1315) whether the edge deviceimplements a logical network gateway for the logical switch representedby the VNI of the received data message. As described, edge devices mayimplement logical network gateways for multiple logical switches, andclusters of edge devices may include numerous computing devices (e.g.,8, 32, etc.) so that the logical network gateways can be load balancedacross the cluster. When the edge device does not implement the logicalnetwork gateway for the logical switch represented by the VNI, theprocess drops (at 1320) the data message or performs other operations onthe data message. For instance, if the VNI does not match any of theVNIs stored by the edge device for mapping to logical switches, or ifthe datapath identifies that the VNI maps to a logical switch for whichthe datapath implements a standby logical network gateway, the datapathdrops the data message. If the VNI maps to a transit logical switchconnecting to an SR implemented on the edge device, then someembodiments perform the SR operations, described further below. Theprocess then ends.

On the other hand, when the edge device does implement the logicalnetwork gateway for the logical switch represented by the VNI, theprocess identifies (at 1325) the RTEP group for the logical networkgateways for that logical switch at the datacenter where the destinationMAC address of the underlying data message is located. As describedabove by reference to the mapping table 1210 of FIG. 12 , the logicalnetwork gateway of some embodiments stores RTEP group records for eachother datacenter spanned by the logical switch. Each RTEP group record,in some embodiments, maps a set of two or more RTEPs for a givendatacenter (i.e., the RTEPs for the logical network gateways at thatdatacenter for the particular logical switch) to all MAC addressesconnected to the particular logical switch that are located at thatdatacenter. The logical network gateway maps the destination MAC addressof the underlying data message to one of the RTEP group records (usingARP on the inter-site network if no record can be found).

The process 1300 then selects (at 1330) one of the RTEP addresses fromthe RTEP group. In some embodiments, the logical network gateways for agiven logical switch are implemented in active-standby configuration, inwhich case this selection is based on identification of the RTEP for theactive logical network gateway (e.g., in the RTEP group record). Inother embodiments, the logical network gateways for a given logicalswitch are implemented in active-active configuration, in which case theselection may be based on a load-balancing algorithm (e.g., using ahash-based selection, round-robin load balancing, etc.).

The process 1300 also identifies (at 1335) the VNI corresponding to thelogical switch on the inter-datacenter network. In some embodiments, thedatapath uses a table that maps logical switches to the VNIs managed bythe global manager for the inter-datacenter network. In otherembodiments, the stage executed by the datapath for the logical switchincludes this VNI as part of its configuration information, so that noadditional lookup is required.

Next, the process 1300 encapsulates (at 1340) the data message using theselected RTEP address as well as the identified VNI. In someembodiments, the datapath encapsulates the data message with a tunnelheader (e.g., using VXLAN, Geneve, NGVRE, STT, etc.). Specifically, thetunnel header includes (i) a source RTEP IP address (that of the edgedevice performing the process 1300), (ii) a destination RTEP IP address(that of the edge device in another datacenter), and (iii) the VNI (inaddition to other fields, such as source and destination MAC address,encapsulation format specific fields, etc.). Finally, the process 1300transmits (at 1345) the encapsulated data message to theinter-datacenter network, so that it can be delivered to the destinationedge device. The process 1300 then ends. In some embodiments, theencapsulated data message is sent via a secure VPN, which may involveadditional encapsulation and/or encryption (performed either by the edgedevice or another computing device).

FIG. 14 conceptually illustrates a process 1400 of some embodiments forprocessing a data message received by a logical network gateway in onedatacenter from a logical network gateway in another datacenter. Theprocess 1400 is performed, in some embodiments, by an edge device thatimplements the logical network gateway. As shown, the process 1400begins by receiving (at 1405) a data message at an RTEP of the edgedevice. In some embodiments, this causes the edge device datapath toexecute a specific stage for processing data messages received at theRTEP.

The process 1400 decapsulates (at 1410) the received data message toidentify the VNI stored in the encapsulation header. In someembodiments, the datapath stage executed for data messages received atthe RTEP stores a table that maps VNIs used within the inter-datacenternetwork to logical switches for which the edge device implements alogical network gateway. As described above, the global manager for thefederated set of datacenters (or other physical sites) manages theseVNIs and ensures that all of the VNIs are unique within theinter-datacenter network.

The process 1400 then determines (at 1415) whether the edge deviceimplements a logical network gateway for the logical switch representedby the VNI of the received data message. As described, edge devices mayimplement logical network gateways for multiple logical switches, andclusters of edge devices may include numerous computing devices so thatthe logical network gateways can be load balanced across the cluster.When the edge device does not implement the logical network gateway forthe logical switch represented by the VNI, the process drops (at 1420)the data message or performs other operations on the data message. Forinstance, if the VNI does not match any of the VNIs stored by the edgedevice for mapping to logical switches, or if the datapath identifiesthat the VNI maps to a logical switch for which the datapath implementsa standby logical network gateway, the datapath drops the data message.It should also be noted that in some embodiments the logical networkgateway for a backplane logical switch connecting groups of peer SRs isimplemented on the same edge devices as the SRs. In this case, thedatapath stage for the logical network gateway is executed, followed bythe stage for the SR.

On the other hand, when the edge device does implement the logicalnetwork gateway for the logical switch represented by the VNI, theprocess identifies (at 1425) the VTEP to which the destination MACaddress of the underlying data message maps. As described above byreference to the mapping table 1205 of FIG. 12 , the logical networkgateway of some embodiments stores MAC address to VTEP mapping recordsfor the DCNs located in the datacenter that attach to the logicalswitch. The logical network gateway maps the destination MAC address ofthe underlying data message to one of the VTEP records (using ARP on thedatacenter network if no record can be found).

The process 1400 also identifies (at 1430) the VNI corresponding to thelogical switch within the datacenter. In some embodiments, the datapathuses a table that maps logical switches to the VNIs managed by the localmanager for the datacenter. In other embodiments, the stage executed bythe datapath for the logical switch includes this VNI as part of itsconfiguration information, so that no additional lookup is required.

Next, the process 1400 encapsulates (at 1435) the data message using theidentified VTEP address and VNI. In some embodiments, the datapathencapsulates the data message with a tunnel header (e.g., using VXLAN,Geneve, NGVRE, STT, etc.). Specifically, the tunnel header includes (i)a source VTEP IP address (that of the edge device performing the process1300), (ii) a destination VTEP IP address (that of the host computerhosting the destination logical network endpoint DCN), and (iii) the VNI(in addition to other fields, such as source and destination MACaddress, encapsulation format specific fields, etc.). Finally, theprocess 1400 transmits (at 1440) the encapsulated data message to thephysical network of the datacenter, so that it can be delivered to thehost computer hosting the destination DCN. The process 1400 then ends.

The use of VTEP and RTEP groups allows for failover of the logicalnetwork gateways in a particular datacenter without the need for everyhost in the datacenter to relearn all of the MAC addresses in all of theother datacenters that map to the logical network gateway VTEP or forall of the other logical network gateways for the logical switch in theother datacenters to relearn all of the MAC addresses in the particulardatacenter that map to the logical network gateway RTEP. As describedabove, the MAC to tunnel endpoint mappings may be shared by the CCPclusters and/or learned via ARP (or via receipt of data messages fromthe tunnel endpoints).

FIGS. 15A-B conceptually illustrate the failover of a logical networkgateway according to some embodiments over three stages 1505-1515.Specifically, in this example, referring to FIG. 7 , the active logicalnetwork gateway for the logical switch 725 in the first datacenter 705fails, and is replaced by the standby logical network gateway for thelogical switch 725 in that same datacenter.

The first stage 1505 illustrates that, prior to failover, in the firstdatacenter 705, the active logical network gateway for the logicalswitch 725 is implemented on edge device 740 and the standby logicalnetwork gateway for the logical switch 725 is implemented on edge device745. The MFE 800 (as well as the MFE 905) stores a VTEP group recordthat maps the MAC addresses D and E (for VMs 4 and 5) to a VTEP groupwith IP addresses T (as the active address) and S. In the seconddatacenter 710, the active logical network gateway for the logicalswitch 725 is implemented on edge device 760 and the standby logicalnetwork gateway for the logical switch 725 is implemented on edge device765. Each of these logical network gateways stores a RTEP group recordthat maps MAC address C (for VM3) to an RTEP group with IP addresses T(as the active address) and S. As mentioned, in some embodiments, theseIP addresses for the RTEPs are different than the IP addresses for theVTEPs of the same edge devices.

In addition, at the first stage 1505, the active logical network gatewayimplemented on the edge device 740 fails. The active logical networkgateway may fail for various reasons in different embodiments. Forinstance, if the entire edge device 740 or the datapath executingthereon crashes, then the logical network gateway will no longer beoperational. In addition, in some embodiments a control mechanism on theedge device regularly monitors the connection to the inter-datacenternetwork (via the RTEP) and the connection to the MFEs in the localdatacenter (via the VTEP). If either of these connections fails, thenthe edge device brings down the logical network gateway to inducefailover.

In some embodiments, the standby logical network gateway (or the edgedevice 745 on which this logical network gateway is implemented) listensfor failover of the active logical network gateway. In some embodiments,the edge devices that implement logical network gateways for aparticular logical switch are connected via control protocol sessions,such as Border Gateway Protocol (BGP) or Bi-Directional ForwardingDetection (BFD). This control protocol is used to form an inter-sitemesh in some such embodiments. In addition, the edge device on which thestandby logical network gateway is implemented uses the control protocolto identify failure of the active logical network gateway in someembodiments.

In the second stage 1510, the edge device 745 has detected the failureof the previous active logical network gateway on edge device 740 andhas taken over as the active logical network gateway for the logicalswitch 725 in the first datacenter 705. As shown, the edge device 745sends an encapsulated data message 1520 (e.g., a Geneve message) to allof the MFEs in the datacenter that participate in the logical switch725. In some embodiments, this includes not just MFEs executing on hostcomputers on which DCNs connected to the logical switch 725 reside(e.g., the MFE 905), but any other MFEs that send data traffic to thelogical network gateways for the logical switch 725 (e.g., the MFE 800,which is in the routing domain span of the logical switch 725). In someembodiments, this encapsulated data message 1520 includes the VNI forthe logical switch 725 in the datacenter 705 and specifies that thesource of the data message is the new active logical network gateway forthe logical switch 725 associated with that VNI (e.g., using a specialbit or set of bits in the encapsulation header).

As shown in the third stage 1515, this allows the MFEs to simply modifytheir list of VTEPs in the VTEP group record for the logical networkgateways, without the need to create a new record and relearn all of theMAC addresses for the record. For instance, the VTEP group record storedby the MFE 800 now lists S as the active VTEP IP address for logical MACaddresses D and E. In some embodiments, once a new standby logicalnetwork gateway is instantiated, the CCP cluster (or the edge device onwhich the new logical network gateway is implemented) notifies the MFEsin the datacenter 705 to add the VTEP IP address for that edge device totheir VTEP group record.

Also in the second stage 1510, the edge device 745 sends BGP messages1525 to all of the logical network gateways at any other datacentersspanned by the logical switch 725. In some embodiments, this is amessage using BGP protocol, but one which specifies that the sender isthe new active logical network gateway within the datacenter 705 for thelogical switch 725 (as opposed to being a typical BGP message). In someembodiments, the edge devices implementing logical network gateways fora logical switch form a BGP mesh, and the BGP messages 1525 are sent toall of the devices in this mesh.

As shown in the third stage 1515, this allows these other logicalnetwork gateways to simply modify the list of RTEPs in their RTEP grouprecord, without the need to create a new record and relearn all of theMAC addresses for the record. For instance, the RTEP group record storedby the edge device 760 now lists S as the active RTEP IP address forlogical MAC address C. In some embodiments, once a new standby logicalnetwork gateway is instantiated, the CCP clusters (or the edge device onwhich the new logical network gateway is implemented) notifies the otherlogical network gateways in their respective datacenters to add the RTEPIP address for that new edge device to their RTEP group records.

While the above description relates primarily to logical switches, thelogical networks of some embodiments are defined to include T1 and/or T0logical routers in addition to these logical switches. In someembodiments, logical switches (i.e., the logical switches to which DCNsconnect) connect directly to T1 logical routers (though they can alsoconnect directly to T0 logical routers as well), which can linkdifferent logical switches together as well as provide services to thelogical switches connected to them.

FIG. 16 conceptually illustrates an example of a logical network 1600 ofsome embodiments. The logical network includes a T0 logical router 1605and three T1 logical routers 1610-1620 that connect via router links tothe T0 logical router 1605. In addition, two logical switches 1625 and1630 connect to the first T1 logical router 1610, two logical switches1635 and 1640 connect to the second T1 logical router 1615, and onelogical switch 1645 connects to the third T1 logical router 1620. The T0logical router 1605 also provides a connection to external networks1650.

In some embodiments, T1 logical routers may be entirely distributed. Forinstance, the logical router 1610 does not provide stateful services,but rather provides a connection between the logical switches 1625 and1630 that avoids the use of a T0 logical router. That is, logicalnetwork endpoint DCNs attached to the logical switches 1625 and 1630 cansend messages to each other without requiring any processing by the T0logical router (or by any SRs). As such, the T1 logical router 1610 isdefined to include a DR, but no SRs.

T1 logical routers can also include centralized SR componentsimplemented on edge devices in some embodiments. These SR componentsperform stateful services for data messages sent to and from the DCNsconnected to the logical switches that connect to the T1 logical routerin some embodiments, in some embodiments. For instance, both logicalrouters 1615 and 1620 are configured to perform stateful services (e.g.,NAT, load balancing, stateful firewall, etc.).

In addition, in some embodiments, T1 logical routers (and accordingly,the logical switches connected to them) may be defined entirely within asingle datacenter or defined to span multiple datacenters. In someembodiments, constructs of the logical network that span multipledatacenters (e.g., T0 logical routers, T1 logical routers, logicalswitches, security groups, etc.) are defined by a network administratorthrough the global manager. However, a network administrator (e.g., thesame admin or a different, local admin) can also define networks thatare local to a specific datacenter through the global manager. These T1logical routers can be connected to a datacenter-specific T0 logicalrouter for handling data traffic with external networks, or can insteadbe connected to a T0 logical router of the datacenter-spanning logicalnetwork in some embodiments. As described below, whendatacenter-specific T1 logical routers are connected to a T0 logicalrouter that spans multiple datacenters, in some embodiments the SRs ofthe T0 logical router share routes advertised by the datacenter-specificT1 logical router.

When a globally-defined T1 logical router without SRs is connected to aT0 logical router (such as the logical router 1610), this logical router(and in turn the logical switches that connect to it) automaticallyinherits the span of the T0 logical router to which it connects. On theother hand, when a globally-defined T1 logical router is specified asproviding stateful services at SRs, the network administrator can definethe datacenters to which the T1 spans in some embodiments. For a T1logical router with stateful services, the network administrator candefine the T1 logical router to span to any of the datacenters spannedby the T0 logical router to which it connects; that is, the globalmanager does not allow the T1 logical router to be defined to spandatacenters not spanned by the T0 logical router. For instance, thesecond logical router 1615 is defined to span to datacenters 1 and 2(the T0 logical router 1605 spans three datacenters 1, 2, and 3), whilethe third logical router 1620 is defined to span to only datacenter 3.This logical router 1620 (and the logical switch 1645) could be definedthrough the global manager for the federated logical network or throughthe local manager for datacenter 3.

Some embodiments allow the T1 SRs to be deployed in active-active modeor active-standby mode, while other embodiments only allowactive-standby mode (e.g., if the SR is providing stateful services suchas a stateful firewall, stateful load balancing, etc.). The T1 SRs, insome embodiments, provide stateful services for traffic between (i) DCNsconnected to logical switches that connect to the T1 logical router and(ii) endpoints outside of that T1 logical router, which could includeendpoints external to the logical network and datacenter as well aslogical network endpoints connected to other logical switches. Forinstance, data messages between VMs connected to logical switch 1635 andVMs connected to logical switch 1640 would not require stateful services(these data messages would be processed as described above by referenceto FIGS. 9-11 ). On the other hand, data messages sent between VMsconnected to logical switch 1635 and VMs connected to logical switch1625 would be sent through the SRs for the logical router 1615 andtherefore have stateful services applied. Data messages sent between VMsconnected to logical switch 1635 and VMs connected to logical switch1645 would be sent through the SRs for both logical routers 1615 and1620.

In addition, for T1 logical routers that have SRs located in multipledatacenters, some embodiments allow (or require) the networkadministrator to select one of the datacenters as a primary site for theT1 logical router. In this case, all traffic requiring stateful servicesis routed to the primary site active SR. When a logical network endpointDCN that is located at a secondary datacenter sends a data message to anendpoint external to the T1 logical routers, the source MFE for the datamessage performs first-hop logical processing, such that the DR routesthe data message to the active SR within that secondary datacenter, andtransmits the data message through the datacenter according to thetransit logical switch for the datacenter between the T1 DR and T1 SR(e.g., using a VNI assigned to the transit logical switch by the localmanager within that datacenter). As described above by reference to FIG.3 , in some embodiments the network managers define a transit logicalswitch within each datacenter to connect the DR for the logical routerto the SRs within the datacenter for the logical router. As thesetransit logical switches each only span a single datacenter, there is noneed to define logical network gateways for the transit logicalswitches.

FIG. 17 conceptually illustrates the implementation of the SRs for thelogical routers 1615 and 1620 shown in FIG. 16 (there are no SRs forlogical router 1610). As shown in this figure, each of the threedatacenters 1705-1715 includes host computers 1720. For the logicalrouter 1615 that spans datacenters 1705 and 1710, two edge devices areassigned to implement the SRs (e.g., as stages in their respectivedatapaths) in each datacenter. The first datacenter 1705 is assigned asthe primary datacenter for the logical router 1615, and edge device 1725implements the active primary SR while edge device 1730 implements thestandby primary SR for the logical router 1615. The second datacenter1710 is therefore a secondary datacenter for the logical router 1615,and edge device 1735 implements an active secondary SR while edge device1740 implements a standby secondary SR for the logical router 1615. T1logical routers that span more than two datacenters, in someembodiments, have one primary datacenter and multiple secondarydatacenters.

The host computers 1720 in the first datacenter 1705 have informationfor sending to the edge devices 1725 and 1730 data messages routed tothe T1 SRs, but as shown by the solid lines only actually send trafficto the active SR in the datacenter (barring failover). Similarly, thehost computers 1720 in the second datacenter 1710 have information forsending to the edge devices 1735 and 1740 data messages routed to the T1SRs, but as shown by the solid lines only actually send traffic to theactive SR in the datacenter (barring failover). In addition, all of theedge devices 1725-1740 communicate (e.g., using a BGP mesh), but asshown by the solid line, data traffic is only sent between the activeedge devices 1725 and 1735 (barring failover). Separately, in the thirddatacenter 1715, two edge devices 1745 and 1750 are assigned toimplement the SRs for the logical router 1620. Because this logicalrouter only spans the third datacenter 1715, there is no need to assigna primary datacenter. Here, the edge device 1745 implements the activeSR while the edge device 1750 implements the standby SR for the logicalrouter 1620. The host computers 1720 in the third datacenter 1715 haveinformation for sending to the edge devices 1745 and 1750 data messagesrouted to the T1 SRs for this logical router 1620, but as shown by thesolid lines only actually send traffic to the active SR in thedatacenter (barring failover).

It should be noted that not every host computer 1720 in each of thedatacenters communicates directly with the edge devices 1725, 1735, and1745 implementing active T1 SR. For instance, if a particular hostcomputer in the first or second datacenters 1705 and 1710 does not hostany logical network endpoint DCNs connected to either of the logicalswitches 1635 or 1640, then that particular host computer will not senddata messages directly to (or receive data messages directly from) theedge devices implementing the SR for logical router 1615 (assuming thoseedge devices are not implementing other SRs or logical networkgateways). Similarly, host computers in the third datacenter 1620 thatdo not host any logical network endpoint DCNs connected to logicalswitch 1645 will not send data messages directly to (or receive datamessages directly from) the edge devices implementing the SR for logicalrouter 1620. In addition, as described below, host computers in any ofthe datacenters 1705-1715 that host logical network endpoint DCNsconnected to logical switches 1625 and/or 1630 may send data messagesdirectly to (and receive data messages directly from) edge devicesimplementing the SRs for T0 logical router 1605.

T0 logical routers, as mentioned, handle the connection of the logicalnetwork to external networks. In some embodiments, the T0 SRs exchangerouting data (e.g., using a routing protocol such as Border GatewayProtocol (BGP) or Open Shortest Path First (OSPF)) with physical routersof the external network, in order to manage this connection andcorrectly route data messages to the external routers. This routeexchange is described in further detail below.

Network administrators are able to connect the T1 logical routers to T0logical routers in some embodiments. For a T1 logical router with aprimary site, some embodiments define a link between the routers (e.g.,with a transit logical switch in each datacenter between the T1 SRs inthe datacenter and the T0 DR), but mark this link as down at all of thesecondary datacenters (i.e., the link is only available at the primarydatacenter). This results in the T0 logical router routing incoming datamessages only to the T1 SR at the primary datacenter.

The T0 SRs can be configured in active-active or active-standbyconfigurations. In either configuration, some embodiments automaticallydefine (i) a backplane logical switch that stretches across all of thedatacenters spanned by the T0 logical router to connect the SRs and (ii)separate transit logical switches in each of the datacenters connectingthe T0 DR to the T0 SRs that are implemented in that datacenter.

When a T0 logical router is configured as active-standby, someembodiments automatically assign one active and one (or more) standbySRs for each datacenter spanned by the T0 logical router (e.g., asdefined by the network administrator). As with the T1 logical router,one of the datacenters can be designated as the primary datacenter forthe T0 logical router, in which case all logical network ingress/egresstraffic (referred to as north-south traffic) is routed through the SR atthat site. In this case, only the primary datacenter SR advertisesitself to the external physical network as a next-hop for logicalnetwork addresses. In addition, the secondary T0 SRs route northboundtraffic to the primary T0 SR.

So long as there are no stateful services configured for the T0 logicalrouter, some embodiments also allow for there to be no designation of aprimary datacenter. In this case, north-south traffic may flow throughthe active SR in any of the datacenters. In some embodiments, differentnorthbound traffic may flow through the SRs at different datacenters,depending either on dynamic routes learned via routing protocol (e.g.,by exchanging BGP messages with external routers) or on static routesconfigured by the network administrator to direct certain trafficthrough certain T0 SRs. In addition, even when a primary datacenter isdesignated for the T0 logical router, some embodiments allow for thenetwork administrator to define exceptions so as to allow ingress/egressdata traffic to flow through the SRs at secondary datacenters (e.g., toavoid having traffic to and from local DCNs be sent through otherdatacenters). In some embodiments, the network administrator definesthese exceptions by defining static routes.

FIG. 18 conceptually illustrates the T1 SRs and T0 SRs implemented inthe three datacenters 1705-1715 for the logical routers 1605, 1615, and1620. The SRs for the T1 logical router 1615 implemented on edge devices1725-1740 as well as the SRs for the single-datacenter T1 logical router1620 implemented on edge devices 1745-1750 are described above byreference to FIG. 17 .

In addition, one active SR and one standby SR for the T0 logical router1605 are implemented on edge devices in each of the datacenters1705-1715 (e.g., as assigned by the local managers in each of thedatacenters). As shown, edge devices 1805-1815 implement active T0 SRsin each of the respective datacenters while edge devices 1820-1830implement standby T0 SRs in each of the respective datacenters.

Solid lines are used to illustrate data traffic flow, while dashed linesare used to illustrate connections that are only used for data trafficin the case of failover. As shown, in the first datacenter 1705, theedge device 1725 implementing the active primary T1 SR and the edgedevice 1805 implementing the active T0 SR exchange data traffic witheach other. However, because the router link between the secondary T1 SRand the T0 DR is marked as down, the edge device 1735 implementing theactive secondary T1 SR and the edge device 1810 implementing the activeT0 SR in the second datacenter 1710 do not exchange data traffic witheach other. In addition, in some embodiments, these connections are notmaintained unless the network administrator modifies the configurationfor the T1 logical router 1615 to change the primary datacenter. Similarto the first datacenter 1705, in the third datacenter 1715 the edgedevice 1745 implementing the active SR for the T1 logical router 1620and the edge device 1815 implementing the active T0 SR exchange datatraffic with each other. In some embodiments, the data traffic between aT1 SR and a T0 SR in the same datacenter is sent between VTEPs of theirrespective edge devices using a VNI assigned to either the transitlogical switch between the T0 SR and T0 DR or to the router link logicalswitch between the T0 DR and the T1 SR, depending on the direction andnature of the traffic.

Finally, the three edge devices 1805-1815 implementing the active T0 SRsexchange data traffic with each other through the inter-datacenternetwork (e.g., using the backplane logical switch connecting these SRs).In addition, all of the edge devices 1805-1830 maintain connections witheach other (e.g., using an internal BGP (iBGP) mesh). It should befurther noted that, as mentioned above, some of the host computers 1720may send data traffic directly to (or receive data directly from) theedge devices 1805-1815 implementing the active T0 SRs, if those hostcomputers host logical network endpoint DCNs connected to the logicalswitches 1625 and 1630, because data messages between those DCNs andexternal network endpoints will not require processing by any T1 SRs.

Some embodiments, as mentioned, also allow for active-activeconfiguration of the T0 SRs. In some such embodiments, the networkadministrator can define one or more active SRs (e.g., up to a thresholdnumber) for each datacenter spanned by the T0 logical router. FIG. 19conceptually illustrates the T1 SRs and T0 SRs implemented in the threedatacenters 1705-1715 for the logical routers 1605, 1615, and 1620 withthe T0 SRs implemented in active-active configuration. The SRs for theT1 logical router 1615 implemented on edge devices 1725-1740 as well asthe SRs for the single-datacenter T1 logical router 1620 implemented onedge devices 1745-1750 are described above by reference to FIG. 17 .

In addition, multiple active SRs for the T0 logical router 1605 areimplemented on edge devices 1905-1935 in each of the datacenters1705-1715 (e.g., as assigned by the local managers in each of thedatacenters). In this example, three T0 SRs are defined in the firstdatacenter 1705, while two T0 SRs are defined in each of the second andthird datacenters 1710 and 1715.

Solid lines are again used to illustrate data traffic flow, while dashedlines are used to illustrate connections that are only used for datatraffic in the case of failover. As in the previous figure, because therouter link between the secondary T1 SR and the T0 DR is marked as down,the edge device 1735 implementing the active secondary T1 SR and theedge device 1810 implementing the active T0 SR in the second datacenter1710 do not exchange data traffic with each other. In the firstdatacenter 1705, the edge device 1725 implementing the active primary T1SR exchanges data traffic with all three of the edge devices 1905-1915implementing the T0 SRs. In some embodiments, when the datapathimplementing the T1 SR on edge device 1725 processes a northbound datamessage, after routing the data message to the T0 DR, the processingpipeline stage for the T0 DR uses equal-cost multi-path (ECMP) routingto route the data message to one of the three active T0 SRs on edgedevices 1905-1915. Similarly, in the third datacenter 1715, the edgedevice 1745 implementing the active SR for the T1 logical router 1620exchanges data traffic with the edge devices 1930 and 1935 implementingthe T0 SRs.

In addition, different embodiments either allow or disallow theconfiguration of a primary datacenter for the active-activeconfiguration. If there is a primary datacenter configured, in someembodiments the T0 SRs at secondary datacenters use ECMP routing toroute northbound data messages to the primary T0 SRs (through theinter-datacenter network). In this example, ECMP is similarly used whenrouting data traffic from a T0 SR at one datacenter to a T0 SR atanother datacenter for any other reason (e.g., due to an egress routelearned via BGP).

FIG. 20 conceptually illustrates a more detailed view of the edgedevices hosting active SRs for the T0 logical router 1605 and the T1logical router 1615 in datacenters 1705 and 1710, and will be used todescribe processing of data messages through the logical and physicalnetworks. As shown, some of the host computers 1720 in the firstdatacenter 1705 (i.e., host computers on which endpoint DCNs connectedto logical switches 1635 and 1640 execute) connect to the edge device1725 that implements the primary active SR for the T1 logical router1615, and this edge device 1725 connects to the edge device 1805 thatimplements the active SR for the T0 logical router 1605. In addition,some host computers 1720 in the first datacenter 1705 (i.e., hostcomputers on which endpoint DCNs connected to logical switches 1625 and1630 execute) connect to the edge device 1805 that implements the activeSR for the T0 logical router 1605.

In the second datacenter 1710, some of the host computers 1720 (i.e.,host computers on which endpoint DCNs connected to logical switches 1635and 1640 execute) connect to the edge device 1735 that implements thesecondary active SR for the T1 logical router 1615. This edge device,because it hosts a secondary SR, does not connect to the edge device1810 that implements the active SR for the T0 logical router 1605 in thedatacenter (though if other SRs for another logical network wereimplemented on the edge devices, they could communicate over thephysical datacenter network for that purpose). In addition, some hostcomputers 1720 in the second datacenter 1710 (i.e., host computers onwhich endpoint DCNs connected to logical switches 1625 and 1630 execute)connect to the edge device 1810 that implements the active SR for the T0logical router 1605 in this datacenter.

The figure also illustrates that the datapaths on each of theillustrated edge devices 1725, 1805, 1735, and 1810 executes the logicalnetwork gateway for the backplane logical switch connecting the relevantSRs. As described above, in some embodiments a backplane logical switchis automatically configured by the network managers to connect the SRsof a logical router. This backplane logical switch is stretched acrossall of the datacenters at which SRs are implemented for the logicalrouter, and therefore logical network gateways are implemented at eachof these datacenters for the backplane logical switch. In someembodiments, the network managers link the SRs of a logical router withthe logical network gateways for the backplane logical switch connectingthose SRs, so that they are always implemented on the same edge devices.That is, the active SR within a datacenter and the active logicalnetwork gateway for the corresponding backplane logical switch withinthat datacenter are assigned to the same edge device, as are the standbySR and standby logical network gateway. If either the SR or the logicalnetwork gateway need to failover (even if for a reason that wouldotherwise affect only one of the two), then both will failover together.Keeping the SR with the logical network gateway for the correspondingbackplane logical switch avoids the need for extra physical hops whentransmitting data messages between datacenters, as shown in the examplesbelow.

In the following examples, data message processing is described for thecase of active-standby SRs for both the T1 logical router 1615 and theT0 logical router 1605. If the SRs for the T0 logical router 1605 areimplemented in active-active configuration, then data messages describedas routed to the active T0 SR in a particular datacenter would be routedto one of the active T0 SRs in the particular datacenter using ECMP. Itshould also be noted that these data message processing examples aredescribed on the assumption that no ARP is required, and that all of thelogical MAC address to tunnel endpoint records are stored by the variousMFEs and edge devices as required.

FIG. 21 conceptually illustrates the logical forwarding processing(e.g., switching & routing) applied to an east-west data message sentfrom a first logical network endpoint DCN behind a first T1 logicalrouter to a second logical network endpoint DCN behind a second T1logical router. Specifically, in this example, the source DCN1 connectsto the logical switch 1635 and resides on a host computer located in thesecond datacenter 1710, while the destination DCN2 connects to thelogical switch 1625 and resides on a host computer located in the firstdatacenter 1705. The logical switch 1635 connects to the T1 logicalrouter 1615 (which has stateful services, and therefore SRs) while thelogical switch 1625 connects to the T1 logical router 1610 (which isentirely distributed).

As shown, the initial processing is performed by an MFE 2100 on the hostcomputer where DCN1 operates. This MFE 2100 performs processingaccording to the logical switch 1635, which logically forwards the datamessage to the DR for the connected T1 logical router 1615 (based on thelogical MAC address of the data message). The DR for this logical router1615 is configured to route the data message to the SR for the samelogical router within the same datacenter 1710 (e.g., according to adefault route), via the transit logical switch used for connecting thesetwo routing components. Thus, the MFE 2100 encapsulates the data messageusing the VNI for this transit logical switch and sends the data messagethrough the datacenter network to the edge device 1735 that implementsthe secondary SR for the T1 logical router 1615.

The edge device 1735 receives the data message at one of its VTEPs andidentifies the transit logical switch based on the VNI in the tunnelheader. According to this transit logical switch, the datapath on theedge device 1735 executes the stage for the SR of the logical router1615. Because this is the active SR within the secondary datacenter forthe logical router 1615, the datapath stage routes the data message tothe active SR for the logical router 1615 in the primary datacenter 1705according to its routing table which, as described below, is configuredby a combination of the network managers and routing protocolsynchronization between the SRs. Based on this routing, the datapathexecutes the stage for logical network gateway for the backplane logicalswitch connecting the T1 SRs of the logical router 1615. The edge device1735 therefore transmits the data message (using the VNI for thebackplane logical switch) to the edge device 1725 implementing theactive T1 SR in the primary datacenter.

Thus, the edge device implementing an active T1 SR at the primarydatacenter for a particular logical router may receive outbound datamessages from either the other edge devices implementing active T1 SRsfor that logical router at secondary datacenters (via an RTEP) or fromMFEs at host computers within the primary datacenter (via a VTEP). Inthis case, the edge device 1725 receives the data message via its RTEPfrom the edge device 1735, and uses the backplane logical switch VNI toexecute the datapath stage for the backplane logical network gateway,which then calls the datapath to execute the stage(s) for the SR for thelogical router 1615. The primary T1 SR performs stateful services (e.g.,stateful firewall, load balancing, etc.) on this data message inaddition to routing the data messages, depending on its configuration.In some embodiments, the primary T1 SR includes a default route to routedata messages to the DR of the T0 logical router to which the T1 logicalrouter is linked, which is used in this case to route the data messageto the DR for the T0 logical router 1605.

Thus, the datapath executes a stage for the router link logical switch(also referred to here as a transit logical switch) between the T1logical router 1615 and the T0 logical router 1605, then executes thestage for the T0 DR. Depending on whether the data message is directedto a logical network endpoint (e.g., connected to a logical switchbehind a different T1 logical router) or an external endpoint (e.g., aremote machine connected to the Internet), the T0 DR will route themessage to the other T1 logical router or to the T0 SR. In someembodiments, the T0 DR has a default route to the T0 SR in its samedatacenter. However, in this case, the T0 DR also has a static route forthe IP address of the underlying data message (e.g., based on theconnection of the T1 logical router 1610 to the T0 logical router 1605)to route the data message to the DR of the logical router 1610 (whichdoes not have any SRs). Accordingly, because the data message does notneed to be sent to any additional edge devices (which would be the caseif the T1 logical router 1615 also included SRs), the datapath executesstages for the router link transit logical switch between the T0 logicalrouter 1605 and the T1 logical router 1610, the DR of the logical router1610 (which routes the data message to its destination via the logicalswitch 1625), and for this logical switch 1625.

The stage for logical switch 1625 identifies the destination MAC addressand encapsulates the data message with its VNI within the datacenter1705 and the VTEP IP address for the host computer at which DCN2resides. The edge device 1725 transmits this encapsulated data messageto the MFE 2105, which delivers the data message to DCN2 according tothe destination MAC address and the logical switch context.

In addition to the requirement that the primary SR for a T1 logicalrouter process all data messages between endpoints connected to alogical switch that connects to that logical router and all endpointsexternal to that logical router, in some embodiments a T0 logical routermay have specific egress points for certain external network addresses.As such, a northbound data message originating from a DCN located at afirst datacenter might be transmitted (i) from the host computer to afirst edge device implementing a secondary T1 SR at the firstdatacenter, (ii) from the first edge device to a second edge deviceimplementing the primary T1 SR at a second datacenter, (iii) from thesecond edge device to a third edge device implementing the T0 SR at thesecond datacenter, and (iv) from the third edge device to a fourth edgedevice implementing the T0 SR at a third datacenter, from which the datamessage egresses to the physical network.

FIG. 22 conceptually illustrates the logical forwarding processingapplied to such a northbound data message sent from the logical networkendpoint DCN1. As shown in this figure, the processing at the source MFE2100 and the edge device 1735 is the same as in FIG. 21 —using defaultroutes, the DR for the T1 logical router 1615 routes the data message tothe SR in its datacenter 1710, which routes the data message to theprimary SR for the T1 logical router 1615 in the datacenter 1705, andthis data message is sent between datacenters according to the logicalnetwork gateway for the backplane logical switch connecting these SRs.

At the edge device 1725, the initial processing is also the same, withthe primary T1 SR routing the data message to the T0 again according toits default route. The datapath stage for the T0 DR, in this case,routes the data message to the T0 SR in the same datacenter 1705according to its default route, rather than a static route. As such, thedatapath executes the stage for the transit logical switch between theT0 DR and T0 SR within the datacenter 1705 and transmits the datamessage between edge device VTEPs using the VNI for this transit logicalswitch.

Based on the logical switch context, the edge device 1805 executes thedatapath stage for the T0 SR. In this example, the T0 SR in the firstdatacenter 1705 routes the data message to the T0 SR in the seconddatacenter 1710. This routing decision could be based on a default orstatic route configured by a network administrator (e.g., to send allegress traffic or egress traffic for specific IP addresses through thesecond datacenter 1710) or based on dynamic routing as described below(because an external router connected to the second datacenter 1710advertised itself as a better route for the destination IP address ofthe data message). Based on this routing, the datapath executes thestage for logical network gateway for the backplane logical switchconnecting the T0 SRs of the logical router 1605. The edge device 1805therefore transmits the data message (using the VNI for the backplanelogical switch) to the edge device 1810 implementing the active T0 SR inthe second datacenter 1710.

This edge device 1810 receives the data message via its RTEP from theedge device 1805 and uses the backplane logical switch VNI to executethe datapath stage for the backplane logical network gateway, which thencalls the datapath to execute the stage(s) for the SR for the T0 logicalrouter 1605. This T0 SR routes the data message to an external routeraccording to either a default route or a route for a more specific IPaddress prefix, and outputs the data message from the logical networkvia an uplink VLAN in some embodiments.

In general, southbound data messages do not necessarily follow the exactreverse path as did the corresponding northbound data message. If thereis a primary datacenter defined for a T0 SR, then this SR will typicallyreceive the southbound data messages from the external network (byvirtue of advertising itself as the next hop for the relevant logicalnetwork addresses). If no T0 SR is designated as primary, then anyactive T0 SR at any of the datacenters may receive a southbound datamessage from the external network (though typically the T0 SR thattransmitted corresponding northbound data messages will receive thesouthbound data messages).

The T0 SR in some embodiments, is configured to route the data messageto the datacenter with the primary T1 SR, as this is the only datacenterfor which a link between the T0 logical router and the T1 logical routeris defined. Thus, the T0 SR routes the data message to the T0 SR at theprimary datacenter for the T1 SR with which the data message isassociated. In some embodiments, the routing table is merged for the T0SR and T0 DR for southbound data messages, so that no additional stagesneed to be executed for the transit logical switch and T0 DR. In thiscase, at the primary datacenter for the T1 logical router, in someembodiments the merged T0 SR/DR stage routes the data message to theprimary T1 SR, which may be implemented on a different edge device. Theprimary T1 SR performs any required stateful services on the datamessage, and proceeds with routing as described above.

In some embodiments, these southbound data messages are always receivedinitially at the primary datacenter T1 SR after T0 processing. This isbecause, irrespective of in which datacenter the T0 SR receives anincoming data message for processing by the T1 SR, the T0 routingcomponents are configured to route the data message to the primarydatacenter T1 SR to have the stateful services applied. The primarydatacenter T1 SR applies these services and then routes the data messageto the T1 DR. The edge device in the primary datacenter that implementsthe T1 SR can then perform logical processing for the T1 DR and thelogical switch to which the destination DCN connects. If the DCN islocated in a remote datacenter, the data message is sent through thelogical network gateways for this logical switch (i.e., not thebackplane logical switch). Thus, the physical paths for ingress andegress traffic could be different, if the logical network gateways forthe logical switch to which the DCN connects are implemented ondifferent edge devices than the T1 SRs and backplane logical switchlogical network gateways. Similarly, reverse east-west traffic thatcrosses multiple T1 logical routers (e.g., if DCN2 sent a return datamessage to DCN1 in the example of FIG. 21 ) may follow a different pathdue to first-hop processing.

FIGS. 23 and 24 conceptually illustrate different examples of processingfor southbound data messages. FIG. 23 , specifically, illustrates thelogical forwarding processing applied to a southbound data message sentfrom an external endpoint (that ingresses to the logical network at thesecond datacenter 1710) to DCN1 (which connects to the logical switch1635 and also resides on a host computer located in the seconddatacenter 1710).

As shown in this figure, the southbound data message is received at theedge device 1810 that connects to the external network in the seconddatacenter 1710. Based on, e.g., being received via a particular uplinkVLAN, the edge device datapath executes the stage for the T0 SR. This T0SR routes the data message to the T0 SR in the first datacenter 1705. Insome embodiments, because the first datacenter 1705 is the primarydatacenter for the T1 logical router 1615, the SRs for the T0 logicalrouter 1605 in other datacenters are configured to route data messageswith IP addresses associated with that logical router 1615 to their peerT0 SRs in the first datacenter 1705. These IP addresses could be NAT IPaddresses, load balancer virtual IP addresses (LB VIPs), IP addressesbelonging to subnets associated with the logical switches 1635 and 1640,etc. Based on this routing, the datapath executes the stage for logicalnetwork gateway for the backplane logical switch connecting the SRs ofthe T0 logical router 1605. The edge device 1810 therefore transmits thedata message (using the VNI for the backplane logical switch) to theedge device 1805 implementing the active T0 SR in the first datacenter1705.

The edge device 1805 receives the data message via its RTEP from theedge device 1810 and uses the backplane logical switch VNI to executethe datapath stage for the backplane logical network gateway, which thencalls the datapath to execute the stage(s) for the SR for the logicalrouter 1605. As mentioned, in some embodiments the SR and DR routingtables are merged on the gateways (so as to avoid having to executeadditional datapath stages for southbound data messages). Thus, the T0SR stage uses this merged routing table to route the data message to theSR of the T1 logical router 1615 in the same datacenter 1705. This routeis only configured in the routing table for the merged T0 SR/DR in theprimary datacenter for the T1 logical router (and not in the otherdatacenters). Thus, the datapath executes a stage for the router linktransit logical switch between the T0 logical router 1605 and the T1logical router 1615, which encapsulates the data message using the VNIfor this logical switch as well as the VTEPs of the edge device 1805 andthe edge device 1725 on which the primary T1 SR is implemented. The edgedevice 1805 then transmits the encapsulated data message to the edgedevice 1725.

Based on the logical switch context, the edge device 1725 executes thedatapath stage for the primary SR for the T1 logical router 1615. Aswith T0 logical router 1605, the primary SR and DR routing tables arealso merged for the T1 logical router 1615, so that additional datapathstages are not required for southbound data messages. This stageperforms any required stateful services (e.g., NAT, LB, firewall, etc.)and the merged routing table routes the data message to the logicalswitch 1635 based on the destination IP address (possibly afterperforming NAT). The stage for the logical switch 1635 identifies thedestination MAC address that is connected to that logical switch, andthe destination MAC address maps to a VTEP group record for the logicalnetwork gateway within the first datacenter 1705 (assuming that this isnot also implemented on the edge device 1725). As shown, the edge device1725 transmits an encapsulated data message (using the VNI for thelogical switch 1635 in the datacenter 1705) to the edge device 2305implementing the logical network gateway for the logical switch 1635 inthe datacenter 1705.

This edge device 2305 executes the logical network gateway, whichperforms VNI translation as described above, and sends the data messagethrough the inter-datacenter network to edge device 2310 that implementsthe logical network gateway for the logical switch 1635 in the seconddatacenter 1710 (using the intra-datacenter VNI for the logical switch1635). This edge device 2310 also executes the logical network gatewayfor data messages received at the RTEP, which performs VNI translationand transmits the data message through the network of the seconddatacenter 1710 to the MFE 2100, which in turn delivers the data messageto DCN1.

FIG. 24 conceptually illustrates the logical forwarding processingapplied to a southbound data message sent from an external endpoint(that ingresses to the logical network at the second datacenter 1710) toDCN2 (which connects to the logical switch 1625 and resides on a hostcomputer located in the first datacenter 1705). Because the logicalswitch 1625 is behind the T1 logical router 1610 that is entirelydistributed, the data message processing is simpler than in the exampleof FIG. 23 .

As shown, the southbound data message is received at the edge device1810 that connects to the external network in the second datacenter1710. Based on, e.g., being received via a particular uplink VLAN, theedge device executes the datapath stage for the T0 SR (which is mergedwith the T0 DR for routes that do not require sending the data messageto another peer T0 SR. Because the T1 logical router 1610 is entirelydistributed, all of the T0 SRs (i.e., in any of the datacenters) routeto the T1 DR for this logical router any data messages havingdestination IP addresses associated with the logical router. Thus, thedatapath executes the stage for the router link transit logical switchbetween the T0 logical router 1605 and the T1 logical router 1610, whichin turn calls the stage for the DR of the T1 logical router 1610. Thisstage routes the data message to the logical switch 1625 based on thedestination IP address. The stage for the logical switch 1625 identifiesthat the destination MAC address is connected to that logical switch,and the destination MAC address maps to a VTEP group record for thelogical network gateway within the second datacenter 1710 (assuming thatthis is not also implemented on the edge device 1810). As shown, theedge device 1810 transmits an encapsulated data message (using the VNIfor the logical switch 1625 in the datacenter 1710) to the edge device2405 implementing the logical network gateway for the logical switch1625 in the datacenter 1710.

This edge device 2405 executes the logical network gateway, whichperforms VNI translation as described above, and sends the data messagethrough the inter-datacenter network to edge device 2410 that implementsthe logical network gateway for the logical switch 1625 in the firstdatacenter 1705 (using the intra-datacenter VNI for the logical switch1625). This edge device 2410 also executes the logical network gatewayfor data messages received at the RTEP, which performs VNI translationand transmits the data message through the network of the firstdatacenter 1705 to the MFE 2105, which in turn delivers the data messageto DCN2.

It should be noted that, as with the examples shown in FIGS. 22 and 23 ,the northbound and southbound paths for data messages to and from DCN2(attached to the logical switch 1625) may also be different. In thiscase, a northbound message from DCN2 to an external endpoint reachablethrough the second datacenter 1710 would be sent directly from the MFE2105 to the edge device 1805 implementing the SR for T0 logical router1605 (after the MFE 2105 performed processing for the logical switch1625, the DR of T1 logical router 1610, the DR of the T0 logical router1605, and intervening transit or router link logical switches. The edgedevice 1805 would then transmit the northbound data message (using theVNI for the backplane logical switch of the T0 SR) to the edge device1810 implementing the active T0 SR in the second datacenter 1710, whichwould in turn route the data message to the external network.

As mentioned, the routing tables for the various SRs and DRs are definedin part by the local managers in some embodiments. More specifically,the local managers define the routing configurations for the SRs and DRs(of both T1 and T0 logical routers), and push this routing configurationto the edge devices and host computers that implement these logicalrouting components. For logical networks in which all of the LFEs aredefined at the global manager, the global manager pushes to the localmanagers the configuration information regarding all of the LFEs thatspan to their respective datacenters. These local managers use thisinformation to generate the routing tables for the various logicalrouting components implemented within their datacenters.

FIG. 25 conceptually illustrates a process 2500 of some embodiments forconfiguring the edge devices in a particular datacenter based on alogical network configuration. In some embodiments, the process 2500 isperformed by the local manager and/or management plane (when themanagement plane is separate from the local manager) in the particulardatacenter. In addition, while the process 2500 describes variousoperations performed upon receiving an initial logical networkconfiguration, it should be understood that some of the operations maybe performed on their own upon receiving modifications to the logicalnetwork configuration that affect the edge devices in the datacenter.

As shown, the process 2500 begins by receiving (at 2505) a logicalnetwork configuration from the global manager. In some embodiments, asdescribed in greater detail in U.S. patent application Ser. No.16/906,944, filed Jun. 19, 2020, now issued as U.S. Pat. No. 11,088,916,which is incorporated by reference above, when the global managerreceives configuration data for the logical network, the global managerdetermines the span for each of the logical network entities andprovides the configuration data for each of those entities to the localmanagers at the appropriate datacenters.

The process 2500 then identifies (at 2510) logical routers in theconfiguration for which SRs are required in the datacenter. In someembodiments, any T0 logical router that spans to the datacenter requiresone or more SRs in the datacenter. In addition, any T1 logical routerthat spans to the datacenter and for which centralized components aredefined also requires one or more SRs in the datacenter. In someembodiments, the SR is defined at least in part at the global manager(e.g., by the network administrator providing configuration data for theSR).

In addition, the process 2500 determines (at 2515) whether anylocally-defined logical network elements have been defined. As describedabove, in some embodiments a network administrator can define networkelements (e.g., logical routers, logical switches, security groups,etc.) specific to a particular datacenter via the local manager for thatdatacenter. If the administrator has defined local network elements, theprocess 2500 identifies (at 2520) logical routers in this local networkfor which one or more SRs are required. These could also include T1and/or T0 logical routers. The T1 logical routers may be linked to T0logical routers of the global network in some embodiments.

With the SRs identified, the process 2500 selects (at 2525) edge devicesfor the active and standby SRs. In some embodiments, the networkadministrator, when defining a logical router to span to a particulardatacenter, does so by linking the logical router with a particularcluster of edge devices at the global manager. In this case, the globalmanager provides this information to the local manager. Similarly, forlogical routers defined at the local manager, the network administratorcan also link these with a logical manager. Each logical router with SRsis also configured to be either active-standby or active-active (and, ifactive-active, the configuration specifies the number of active SRs toconfigure in the datacenter). In addition to this information, someembodiments also use load balancing techniques (possibly in conjunctionwith usage data for the edge devices in a selected cluster) to selectthe edge devices for active and standby SRs from the specified edgeclusters.

The process 2500 also computes (at 2530) routing tables for each of theSRs in the datacenter. These routing tables may vary in complexitydepending on the type of logical router and whether the SR is asecondary SR or a primary SR. For instance, for a T1 logical router,each secondary SR is configured with a default route to the primary T1SR by the local manager at the T1 SR. As the secondary SRs should notreceive southbound data messages, in some embodiments this is the onlyroute with which they are configured. Similarly, the primary SR isconfigured with a default route to the T0 DR in some embodiments. Inaddition, the primary SR is configured with routes for routing datatraffic to the T1 DR. In some embodiments, a merged routing table forthe primary SR and DR of the T1 logical router is configured to handlerouting southbound data messages to the appropriate stretched logicalswitch at the primary T1 SR.

For a T0 logical router, the majority of the routes for routing logicalnetwork traffic (e.g., southbound traffic) are also configured for theT0 SRs by the local managers. To handle traffic to stretched T1 logicalrouters, the T0 SRs are configured with routes for logical networkaddresses handled by these T1 logical routers (e.g., network addresstranslation (NAT) IP addresses, load balancer virtual IP addresses (LBVIPs), logical switch subnets, etc.). In some embodiments, the T0 SRrouting table (merged with the T0 DR routing table) in the samedatacenter as the primary SR for a T1 logical router is configured withroutes to the primary T1 SR for these logical network addresses. Inother datacenters, the T0 SR is configured to route data messages forthese logical network addresses to the T0 SR in the primary datacenterfor the T1 logical router.

As noted, a network administrator can also define LFEs that are specificto a datacenter in some embodiments and link those LFEs to the largerlogical network through the local manager for the specific datacenter(e.g., by defining a T1 logical router and linking the T1 logical routerto a T0 logical router of the larger logical network). In some suchembodiments, configuration data regarding the T1 logical router will notbe distributed to the other datacenters implementing the T0 logicalrouter. In this case, in some embodiments, the local manager at thespecific datacenter configures the T0 SR implemented in this datacenterwith routes for the logical network addresses related to the T1 logicalrouter. This T0 SR exchanges these routes with the T0 SRs at the otherdatacenters via a routing protocol application as described below,thereby attracting southbound traffic directed to these networkaddresses.

In addition, one or more of the T0 SRs will generally be connected toexternal networks (e.g., directly to an external router, or atop-of-rack (TOR) forwarding element that in turn connects to externalnetworks) and exchange routes with these external networks. In someembodiments, the local manager configures the edge devices hosting theT0 SRs to advertise certain routes to the external network and to notadvertise others, as described further below. If there is only a singleegress datacenter for the T0 SR, then the T0 SR(s) in that datacenterwill learn routes from the external network via a routing protocol andcan then share these routes with the peer T0 SRs in the otherdatacenters.

When there are multiple datacenters available for egress, typically allof the T0 SRs will be configured with default routes that direct trafficto their respective external network connections. In addition, the T0SRs will learn routes for different network addresses from theirrespective external connections and can share these routes with theirpeer T0 SRs in other datacenters so as to attract northbound traffic forwhich they are the optimal egress point.

The process 2500 also determines (at 2535) routing protocol (e.g., BGP)session configurations for the SRs. As described in more detail below,some embodiments define a mesh of internal BGP (iBGP) sessions betweenall of the SRs for a given logical router. This can include the activeand standby SRs (so that the standby SRs can use this BGP session tonotify the other SRs in case of failover). In addition, some SRs (e.g.,T0 SRs) share routes over these iBGP sessions in order to attracttraffic for datacenter-specific IP addresses, etc. Furthermore, someembodiments configure external BGP (eBGP) sessions for any T0 SRs thatare specified to connect to external networks, thereby allowing the T0SRs to (i) receive routes from external network routers (which can beshared via the iBGP) sessions and (ii) advertise routes to theseexternal network routers in order to attract logical network traffic.

In addition to the SRs, the process 2500 also identifies (at 2540) anystretched logical switches that span to the datacenter. In someembodiments, these logical switches are identified in the logicalnetwork configuration received from the global manager. The stretchedlogical switches may include those to which logical network endpointDCNs connect as well as backplane logical switches used to connectgroups of peer SRs.

The process 2500 selects (at 2545) edge devices for the active andstandby logical network gateways of these stretched logical switches.For backplane logical switches, as described above, the local managerlinks the logical network gateways with the SRs in some embodiments, soas to avoid unnecessary extra hops. For user-defined logical switches,in some embodiments the edge cluster from which to select for edgedevices the logical network gateways will have been specified by theadministrator, while in other embodiments the local manager selects anedge cluster and then selects specific edge devices from the cluster. Inaddition to this information, some embodiments also use load balancingtechniques (possibly in conjunction with usage data for the edge devicesin a selected cluster) to select the edge devices for active and standbylogical network gateways from the chosen edge clusters.

In addition, the process 2500 determines (at 2550) routing protocol(e.g., BGP) session configurations for the logical network gateways. Forbackplane logical switches, some embodiments use the SR iBGP sessions tohandle failover, so additional sessions are not needed. For the logicalnetwork gateways for user-defined logical switches, additional iBGPsessions are defined to handle failover. Because the logical networkgateways are not routers, there is no need to share routes via theseiBGP sessions.

Finally, the process 2500 pushes (at 2555) the SR and logical networkgateway configuration data (including the BGP session configurationdata) to the selected edge devices. The process 2500 then ends. In someembodiments, the local manager and/or management plane provides thisdata to the CCP cluster in the datacenter, which in turn provides thedata to the correct edge devices. In other embodiments, for at leastsome of the configuration data (e.g., the BGP configurationinformation), the management plane provides the data directly to theedge devices.

As discussed, in some embodiments, in order to handle this routeexchange (between T0 SR peers, between T1 SR peers (in certain cases),and between T0 SRs and their external network routers), the edge deviceson which SRs are implemented execute a routing protocol application(e.g., a BGP or OSPF application). The routing protocol applicationestablishes routing protocol sessions with the routing protocolapplications on other edge devices implementing peer SRs as well as withany external network router(s). In some embodiments, each routingprotocol session uses a different routing table (e.g., a virtual routingand forwarding table (VRF)) for each routing protocol session. For T1SRs, some embodiments use the routing protocol session primarily tonotify the other peer T1 SRs that a given T1 SR is the primary SR forthe T1 logical router, and to handle failover. When failover occurs, forexample, the new primary T1 SR sends out a routing protocol messageindicating that it is the new primary T1 SR and default routes for theother T1 SR peers should be directed to its IP and MAC address ratherthan that of the previous active primary T1 SR.

FIG. 26 conceptually illustrates the routing architecture of an edgedevice 2600 of some embodiments. As mentioned above, in some embodimentsthe edge device 2600 is a bare metal computing device, in which all ofthe illustrated components execute in the primary operating system. Inother embodiments, these components execute within a virtual machine orother DCN that operates on the edge device. As shown the edge deviceincludes a set of controller modules 2605, a routing protocolapplication 2610, and a datapath module 2615.

The datapath module 2615, as described above, executes the edge datapathstages. These stages, in some embodiments, can include logical networkgateway stages for logical switches, T0 and/or T1 logical router stages(both DR and/or SR stages), transit logical switch stages, etc. In someembodiments, each logical router stage uses a datapath VRF 2620 that isconfigured with the routing table for that logical router stage. Inother embodiments, the datapath VRF 2620 is used (potentially along withthe control VRF 2625) by the controller module 2605 to generate arouting table for use by the datapath 2615 for a logical router stage(rather than the datapath module 2615 directly accessing the datapathVRF 2620).

The routing protocol application 2610 manages routing protocol sessions(e.g., using BGP or OSPF) with (i) other routing protocol applicationsat peer edge devices 2630 (i.e., other edge devices that implement peerSRs) and (ii) one or more external routers 2635. As mentioned, in someembodiments, each routing protocol session uses a specific VRF (thoughmultiple routing protocol sessions may use the same VRF). Specifically,in some embodiments, the routing protocol application 2610 uses twodifferent VRFs for route exchange for a given T0 SR.

First, each T0 SR has the datapath VRF 2620 that is used by the datapathmodule 2615 for processing data messages sent to the T0 SR (or is theprimary source for the routing table used by the datapath module 2615 toimplement the T0 SR). In some embodiments, the routing protocolapplication 2610 uses this datapath VRF 2620 for route exchange with theexternal network router(s) 2635. Routes for any prefixes identified foradvertisement to the external networks are used by the datapath module2615 to implement the T0 SR, and the routing protocol application 2610advertises these routes to the external networks. In addition, when therouting protocol application receives routes from the external router(s)2635 via routing protocol messages, the routing protocol application2610 automatically adds these routes to the datapath VRF 2620 for use bythe datapath module 2615 to implement the T0 SR.

In addition, in some embodiments, the routing protocol application 2610is configured to import routes from the datapath VRF 2620 to a secondVRF 2625 (referred to as the control VRF). The routing protocolapplication 2610 uses the control VRF 2625 for the routing protocolsessions with other edge devices 2630 that implement SRs for the same T0logical router. Thus, any routes learned from the session with theexternal network router(s) 2635 at the edge device 2600 can be sharedvia the control VRF 2625 with all of the other edge devices 2630. Whenthe routing protocol application 2610 receives a route from a peer edgedevice 2630 implementing the same T0 SR, in some embodiments theapplication 2610 also adds this route to the datapath VRF 2620 forimplementing the T0 SR by the datapath module 2615 only so long as thereis not already a better route in the datapath VRF for the same prefix(i.e., a route with a shorter administrative distance).

The controller modules 2605 are one or more modules responsible forreceiving configuration data from the network management system (e.g.,from the local manager, management plane, and/or CCP cluster in thedatacenter in which the edge device 2600 operates) and configuring therouting protocol application 2610 and the datapath module 2615. For thedatapath, in some embodiments, the controller modules 2605 actuallyconfigure various configuration databases, VRFs (e.g., the datapath VRF2620), and/or routing tables that specify the configuration for thevarious stages executed by the datapath module 2615. The datapath module2615 and its configuration according to some embodiments is described ingreater detail in U.S. Pat. No. 10,084,726, which is incorporated hereinby reference.

In some embodiments, the controller modules 2605 also configure therouting protocol application 2610 to (i) setup the routing protocolsessions with the edge devices 2630 and the external router(s) 2635 and(ii) manage the exchange of routes between the datapath VRF 2620 and thecontrol VRF 2625. In other embodiments, the controller modules 2605manage the exchange of routes between the datapath VRF 2620 and thecontrol VRF 2625, and this is not part of the configuration for therouting protocol application 2610. In some embodiments, theconfiguration for the routing protocol sessions includes the IPaddresses of the other edge devices 2630 (e.g., RTEP IP addresses or IPaddresses for control interfaces) and the routers 2635. Thisconfiguration information may also indicate the active/standby as wellas primary/secondary (if relevant) status of each of the T0 SRs withwhich an internal session is being setup.

As indicated above, the use of two VRFs allows for different VRFs forthe route exchange sessions with the external router(s) and with peeredge devices. The use of the routing protocol application 2610 to moveroutes between these VRFs also allows for one edge device to learn aroute from the external router for a given network address prefix andthen attract traffic for that route from the other edge devicesimplementing the SRs for the same logical router. In addition, the useof the two different VRFs allows for segregation of route distributioncontrol for internal connectivity (the control VRF) and externalconnectivity (the datapath VRF). In some embodiments, the control VRF iscontrolled by the network management system whereas the datapath VRF iscontrolled by the network administrator (in this case, only the datapathVRF is exposed to the user).

FIGS. 27A-B conceptually illustrate the exchange of routes between twoedge devices 2700 and 2725 over four stages 2705-2720. These two edgedevices 2700 and 2725 implement two T0 SR peers (i.e., SRs for the sameT0 logical router). The BGP application 2730 on the first edge device2700 manages an iBGP session with the BGP application 2735 on the secondedge device 2725 as well as an eBGP session with an external router (notshown). The first edge device 2700 stores a control VRF 2740 for theiBGP session and a datapath VRF 2745 for the eBGP session (and for useby the datapath module (not shown) or for generating the routing tablefor the datapath module). Similarly, the second edge device 2725 storesa control VRF 2750 for the iBGP session and a datapath VRF 2755 for anyeBGP sessions with external routers (and for use by its datapath module(also not shown) or for generating the routing table for its datapathmodule). As shown at the first stage 2705, the datapath VRF 2745includes a route for the IP prefix 129.5.5.0/24 with a next hop addressof 10.0.0.1. In this case, this is a route added to the datapath VRF2745 by the BGP application 2730 based on receipt of the route from theexternal router via the eBGP session.

In the second stage 2710, the route for 129.5.5.0/24 is imported fromthe datapath VRF 2745 to the control VRF 2740 (e.g., by the BGPapplication 2730 or the control module (not shown) on the edge 2700). Asdescribed further below, in some embodiments any route in the datapathVRF is imported to the control VRF unless that route is specificallytagged (e.g., using a BGP community) to not be shared with edge devicesimplementing peer SRs.

Next, in the third stage 2715, the BGP application 2730 sends an iBGPmessage advertising a route for the prefix 129.5.5.0/24 to the BGPapplication 2735 on the edge device 2725. This message indicates thatthe next hop for the route is 192.0.0.1, an IP address associated withan interface of the SR. As shown at this stage, the BGP application 2735adds this route to the control VRF 2750.

Finally, at the fourth stage 2720, the route is imported from thecontrol VRF 2750 to the datapath VRF 2755 (e.g., by the BGP application2735 or the control module (not shown) on the edge 2725). Based on thisroute, the datapath stage for the SR on the second edge device 2735 willroute data messages for IP addresses in the subnet 129.5.5.0/24 to theSR implemented on the first edge device 2700. Some embodiments tag thisroute in the datapath VRF 2755 (e.g., using a BGP community) to not beexported, so that the BGP application 2735 will not advertise the prefixto any external routers.

FIG. 28 conceptually illustrates a similar exchange of routes over twostages 2805-2810, except that in this case the datapath VRF 2755 in thesecond edge device 2725 already has a route for the prefix. The firststage 2805 is similar to the third stage 2715 of FIG. 27 , with the BGPapplication 2730 on the first edge device 2700 sending an iBGP messageadvertising a route for the IP prefix 192.5.6.0/24 to the BGPapplication 2735 on the second edge device 2725. A route for this prefix(with a next hop of 10.0.0.1) is already stored in both the datapath VRF2745 and control VRF 2740 on the first edge device 2700, and based onthis iBGP message the BGP application 2735 adds the route for thisprefix (having a next hop of IP address of 192.0.0.1 for the SRinterface) to its control VRF 2750.

In addition, the datapath VRF 2755 on the second edge device alreadystores a route for the IP prefix 192.5.6.0/24, with a next hop addressof 10.0.0.2 (e.g., corresponding to an external router to which the edgedevice 2725 connects). This route stored in the datapath VRF 2755 has ashorter administrative distance (i.e., higher priority) on the edgedevice 2725 than the newly received route to the other edge device 2700.In this case, as shown at the second stage 2810, the route is notimported from the control VRF 2750 to the datapath VRF 2755.

In some embodiments, the decision whether to import a route learned fromthe control VRF 2750 to the datapath VRF 2755 (and, in turn, whether touse such a route in the forwarding table for the SR implemented by thedatapath of the edge device) depends on the configuration for the SR.For a T0 SR that does not designate primary or secondary datacenters(e.g., a T0 SR in active-active configuration or active-standbyconfiguration without preference between datacenters), some embodimentsprefer static routes or routes learned via eBGP (i.e., routes alreadyexisting in the datapath VRF) to routes learned from peer SRs via iBGP(i.e., routes added to the control VRF). In addition, this samepreference is used for logical routers with multiple T0 SRs implementedin a single datacenter (i.e., that are not stretched betweendatacenters).

However, if the T0 logical router is stretched across multipledatacenters and one of the datacenters is designated as the primarydatacenter for ingress/egress, some embodiments factor in thisconfiguration when determining whether to add a route from the controlVRF to the datapath VRF (and thus use the route from the control VRF forthe T0 SR routing table). Specifically, at a secondary T0 SR, some suchembodiments will prefer routes learned via iBGP from the primary T0 SR(i.e., a route in the control VRF) to routes learned via eBGP from anexternal router. That is, even in an primary/secondary configuration,some embodiments allow the secondary T0 SRs to have connections toexternal routers and use these connections for network addresses unlessthe primary T0 SR advertises itself as a next hop for those addresses.Some embodiments use BGP community tags and/or weight to ensure thatroutes learned via eBGP from the primary T0 SR are preferred over routeslearned from external routers.

It should be noted that while the above description regarding use ofboth a datapath VRF and a control VRF refers to a T0 SR that isstretched across multiple federated datacenters, in some embodiments theconcepts also apply to logical routers generically. That is, any logicalrouter that has centralized routing components which share routes witheach other as well as with an external network or other logical routersmay use a similar setup with both datapath and control VRFs. Inaddition, the use of both a datapath VRF and a control VRF applies insome embodiments to logical routers (e.g., T0 logical routers) oflogical networks that are confined to a single datacenter. SRs of suchlogical routers may still have asymmetric connections to externalnetworks (e.g., due to the connection setup, connection failures, etc.)and therefore need to exchange routes with each other.

In addition, the description provided by reference to FIGS. 26-28relates to a situation in which only one T0 SR is implemented on eachedge device. For edge devices on which multiple SRs are implemented(e.g., multiple T0 SRs), different embodiments may use a single controlVRF or multiple control VRFs. Using multiple control VRFs allows for theroutes for each SR to be kept separate, and only provided to other peerSRs via an exclusive routing protocol session. However, in a networkwith numerous SRs implemented on the same edge device and each SRpeering with other SRs in multiple other datacenters, this solution maynot scale well because numerous VRFs and numerous routing protocolsessions are required on each edge device.

Thus, some embodiments use a single control VRF on each edge device,with different datapath VRFs for each SR. When routes are imported froma datapath VRF to the control VRF, these embodiments add a tag or set oftags to the routes that identifies the T0 SR. For instance, someembodiments use multiprotocol BGP (MP-BGP) for the routing protocol anduse the associated route distinguishers and route targets as tags.Specifically, the tags both (i) ensure that all network addresses areunique (as different logical networks could have overlapping networkaddress spaces) and (ii) ensure that each route is exported to thecorrect edge devices and imported into the correct datapath VRFs.

FIG. 29 conceptually illustrates the routing architecture of an edgedevice 2900 of some embodiments. As with the edge device 2600 describedabove, in some embodiments the edge device 2900 is a bare metalcomputing device, in which all of the illustrated components execute inthe primary operating system. In other embodiments, these componentsexecute within a virtual machine or other DCN that operates on the edgedevice. As shown, the edge device 2900 includes a datapath module 2905and a routing protocol application 2910. For the sake of simplicity, thecontroller modules that configure the routing protocol application 2910and datapath module 2905, and provide the initial routes for the variousVRFs, are not shown in this figure.

As shown, the edge device 2900 now stores one control VRF 2915 as wellas three datapath VRFs 2920-2930, for three different T0 SRs (i.e., SRsfor three different logical routers). All three of these VRFs 2920-2930are used by the datapath module 2905, such that when the datapathexecutes a stage for a particular router, the datapath uses thecorresponding VRF to route the data message. The routing protocolapplication 2910 manages three separate routing protocol sessions withexternal routers using the three different datapath VRFs—the datapathVRF 2920 for the T0 SR-A is used for a routing session with a firstexternal router 2935, while the datapath VRFs 2925 and 2930 for T0 SR-Band T0 SR-C are used for routing sessions with a second external router2940. These external routers have different next hop IP addresses insome embodiments.

The routing protocol application 2910 uses the control VRF 2915 forrouting protocol sessions with multiple other edge devices 2945-2955.These edge devices 2945 implement SRs for different combinations of thethree T0 logical routers A, B, and C, and thus all have routing protocolsessions configured with the routing protocol application 2910 on theedge device 2900. In addition, the routing protocol application 2910imports routes from all three of these datapath VRFs 2920-2930 to thecontrol VRF 2915. In some embodiments, the routing protocol applicationruns multiprotocol BGP (MP-BGP), which allows the use of tags on routesto (i) differentiate routes for the same IP prefix and (ii) indicatewhether to export the routes to specific other routers (in this case,other edge devices 2945-2955) or import the routes to specific VRFs (inthis case, the datapath VRFs 2920-2930). Specifically, MP-BGP uses routedistinguishers to differentiate routes for the same IP prefix that areimported to the control VRF 2915 from different datapath VRFs. Inaddition, the MP-BGP application uses route targets to determine whetherto (i) provide a particular route in the control VRF 2915 to anotheredge device and (ii) import a particular route from the control VRF 2915to a particular datapath VRF.

FIGS. 30A-C conceptually illustrate the exchange of routes from the edgedevice 2900 to two of the other edge devices 2945 and 2950 over threestages 3005-3015. As described by reference to FIG. 29 , the first edgedevice 2900 implements T0 SRs for logical routers A, B, and C. As shownhere, the second edge device 2945 (i) executes a BGP application 3020and (ii) implements T0 SRs for logical routers A and C (and thereforestores a control VRF 3025 and two datapath VRFs 3030 and 3035). Thethird edge device 2950 (i) executes a BGP application 3040 and (ii)implements a T0 SR for logical router B (and therefore stores a controlVRF 3045 and a datapath VRF 3050).

As shown at the first stage, the control VRF 2915 includes threeseparate routes for the IP prefix 129.5.5.0/24, which are all taggedwith route distinguishers and route targets (in this example, as isoften the case, the route distinguishers and route targets are the samevalues). The route distinguisher T0A is used to identify routes from theT0A datapath VRF 2920, the route distinguisher T0B is used to identifyroutes from the T0B datapath VRF 2925, and the route distinguisher T0Cis used to identify routes from the T0C datapath VRF 2930. In addition,the route target T0A is used to identify routes that should be exportedto peer T0 SRs for logical router A, the route target T0B is used toidentify routes that should be exported to peer T0 SRs for logicalrouter B, and the route target T0C is used to identify routes thatshould be exported to peer T0 SRs for logical router C. The BGPapplication 2910 is configured, in some embodiments, to only send routeswith the route target T0A via routing protocol sessions with other edgedevices that implement T0 SRs for the logical router A.

The second stage 3010 illustrates that the BGP application 2910 on thefirst edge device 2900 sends iBGP messages to both the BGP application3020 on the second edge device 2945 and the BGP application 3040 on thethird edge device 2950. The BGP message to the second edge device 2945advertises routes for the two prefixes tagged with route targets of T0Aand T0C. As shown in the figure, the route tagged with the T0A routetarget specifies a next hop IP address of 192.0.0.1 (an IP addressassociated with an interface of SR-A) while the route tagged with theT0C route target specifies a next hop IP address of 192.0.0.3 (an IPaddress associated with an interface of SR-C). The BGP message to thethird edge device 2950 advertises a route for the prefix tagged with theroute target T0B, which specifies a next hop IP address of 192.0.0.2 (anIP address associated with an interface of SR-B). The route targetsenable the BGP application 3040 to only send routes to the other edgedevices for SRs that are implemented on those edge devices.

The third stage 3015 illustrates that the BGP applications 3020 and 3040on the edge devices 2945 and 2950 (i) add these routes to theirrespective control VRFs 3025 and 3045 based on receiving the routes viaiBGP sessions from the edge device 2900 and (ii) import the routes fromthe respective control VRFs to the appropriate datapath VRFs accordingto the route targets. As shown, the control VRF 3025 on the edge device2945 now includes both of the routes for T0-A and T0-C, the datapath VRF3030 for T0-A includes the route with the corresponding route target(but not the route for T0-C), and the datapath VRF 3035 for T0-Cincludes the route with the corresponding route target (but not theroute for T0-A). The control VRF 3045 and the datapath VRF 3050 bothinclude the route with the route target T0B.

In addition to tags used to differentiate routes associated withdifferent logical routers, some embodiments use additional tags on theroutes to convey user intent and determine whether or not to advertiseroutes in the datapath VRF to external networks. For instance, someembodiments use BGP communities to tag routes. As described above,routes in the datapath VRF for a given SR may be (i) configured by thelocal manager and/or management plane, (ii) learned via route exchangewith the external network router(s), and/or (iii) added from the controlVRF after route exchange with other SR peers.

For example, the local manager and/or management plane will configurethe initial routing table for an SR. For a T0 SR, this will typicallyinclude a default route (to send otherwise unknown traffic to either apeer T0 SR or an external router), any administrator-configured staticroutes, and routes for directing traffic to various T1 logical routersthat connect to the T0 logical router. These routes may include at leastroutes for NAT IP addresses, LB VIPs, public IP subnets associated withlogical switches. In addition, routes for private IP subnets may beconfigured in some embodiments. If a T1 logical router does not span toa particular datacenter in which a T0 SR is being configured, the T0 SRmay nevertheless be configured with routes for IP addresses associatedwith that logical router. However, if a T1 logical router is defined ata local manager of one datacenter and connected to a T0 logical routerthat spans to other datacenters, in some embodiments the T0 SRs at thoseother datacenters will not initially be configured with routes foraddresses associated with that T1 logical router.

FIG. 31 conceptually illustrates a process 3100 of some embodiments fordetermining whether and how to add a route to a datapath VRF accordingto some embodiments. In some embodiments, the process 3100 is performedby a routing protocol application executing on an edge device (e.g., aBGP application) on which at least one SR (e.g., a T0 SR) executes. Thisrouting protocol application manages a control VRF for routing protocolsessions with peer edge devices (e.g., in other datacenters) and adatapath VRF for use by the datapath module when implementing the SR aswell as for routing protocol sessions with at least one external router.

As shown, the process 3100 begins by receiving (at 3105) a route fromanother edge device (e.g., via iBGP). For example, this could be a routethat the peer edge device learned via route exchange with an externalnetwork router or could be a route for logical network addressesassociated with a datacenter-specific logical router that theadministrator at the other datacenter configured through the localmanager.

The process 3100 determines (at 3110) whether to add the route to thedatapath VRF. As described above, if the datapath VRF for a particularSR already has a route for a particular IP address prefix with an equalor higher priority to the received route, then the routing protocolapplication does not add the newly received route to the datapath VRF.In some embodiments, the order of route preference for prefixes learnedfrom multiple sources is (i) user-configured routes (e.g., staticroutes), (ii) at a secondary SR, routes learned from a primary peer SR,(iii) routes learned (directly) from external routers, (iv) routeslearned from a peer SR in the same datacenter (e.g., in active-activeconfiguration), and (v) routes learned from a peer SR in anotherdatacenter (e.g., in active-active configuration). In addition, whilethe process 3100 only references a single datapath VRF, it should beunderstood that if multiple datapath VRFs are in use on the edge device,then the routing protocol application only adds the route to thedatapath VRF for the appropriate SR (e.g., using the route target tagappended to the route). If the route is not added to the datapath VRF,the process 3100 ends.

Next, the process 3100 identifies (at 3115) a BGP community tag (orother, similar, tag, used to convey how the prefix should be treated forBGP purposes) appended to the route as received from the peer SR. BGPcommunity tags may be used, in different embodiments, to specify whetherto advertise a route at all, whether to advertise a route only tocertain peers (e.g., only iBGP peers), or for otheradministrator-defined purposes. In addition, some routes may not have acommunity tag at all. In some embodiments, the tag may be used by thesending edge device to more granularly identify the source of routes(e.g., routes learned from eBGP route exchange with external routers,local datacenter-specific routes such as LB VIPs, NAT IPs, public IPsubnets, etc.).

The process 3100 then determines (at 3120) whether to modify the BGPcommunity tag when adding the route to the datapath VRF. In someembodiments, whether to modify the BGP community tag is based on rulesdefined by the network administrator and configured at the routingapplication. For instance, it may be desirable for certain prefixes tobe exchanged from one peer to another, but not advertised by thereceiving peer. As an example, routes that a first T0 SR learns fromroute exchange with an external router will be imported into the controlVRF and thus shared with a second T0 SR in a different datacenter.However, while these routes may be added to the datapath VRF for thesecond T0 SR, they should not necessarily be advertised out to externalnetworks by the second T0 SR, because the T0 SRs should not become aconduit for routing traffic between the external network at onedatacenter and the external network at another datacenter (i.e., trafficunrelated to the logical network). Thus, depending on the configuration,some embodiments modify the BGP community tag when adding these routesto the datapath VRF. Some embodiments use the NO_EXPORT tag whenexchanging these routes between T0 SRs, which allows for the route to beadvertised to iBGP peers, but not to eBGP peers. Specifically, someembodiments automatically add the NO_EXPORT tag to routes added to thedatapath VRF at an edge device based on route exchange with eBGP peers.

When the process 3100 determines that the BGP community tag should bemodified, the process adds (at 3125) the route to the datapath VRF withthe modified community tag. This could involve modifying a route fromNO_EXPORT to NO_ADVERTISE (e.g., so that a route received from a T0 SRpeer is not advertised to either external router peers or other T0 SRs),or any custom modification. On the other hand, when the BGP communitytag does not require modification, the process 3100 adds (at 3130) theroute to the datapath VRF with the current BGP community tag (e.g., asreceived from the peer T0 SR).

Finally, the process 3100 determines (at 3135) whether to advertise theroute to external routers based on the community tag on the route in thedatapath VRF. As mentioned, some embodiments may use the NO_EXPORT,NO_ADVERTISE, and/or administrator-defined community tags in order toprevent the routes from being advertised (e.g., routes for networksexternal to another datacenter, routes for private subnets, etc.). Theprocess 3100 advertises (at 3140) the route to the external routers viaeBGP if the BGP community tag for the route does not indicate that theroute should not be advertised.

FIG. 32 conceptually illustrates an electronic system 3200 with whichsome embodiments of the invention are implemented. The electronic system3200 may be a computer (e.g., a desktop computer, personal computer,tablet computer, server computer, mainframe, a blade computer etc.),phone, PDA, or any other sort of electronic device. Such an electronicsystem includes various types of computer readable media and interfacesfor various other types of computer readable media. Electronic system3200 includes a bus 3205, processing unit(s) 3210, a system memory 3225,a read-only memory 3230, a permanent storage device 3235, input devices3240, and output devices 3245.

The bus 3205 collectively represents all system, peripheral, and chipsetbuses that communicatively connect the numerous internal devices of theelectronic system 3200. For instance, the bus 3205 communicativelyconnects the processing unit(s) 3210 with the read-only memory 3230, thesystem memory 3225, and the permanent storage device 3235.

From these various memory units, the processing unit(s) 3210 retrieveinstructions to execute and data to process in order to execute theprocesses of the invention. The processing unit(s) may be a singleprocessor or a multi-core processor in different embodiments.

The read-only-memory (ROM) 3230 stores static data and instructions thatare needed by the processing unit(s) 3210 and other modules of theelectronic system. The permanent storage device 3235, on the other hand,is a read-and-write memory device. This device is a non-volatile memoryunit that stores instructions and data even when the electronic system3200 is off. Some embodiments of the invention use a mass-storage device(such as a magnetic or optical disk and its corresponding disk drive) asthe permanent storage device 3235.

Other embodiments use a removable storage device (such as a floppy disk,flash drive, etc.) as the permanent storage device. Like the permanentstorage device 3235, the system memory 3225 is a read-and-write memorydevice. However, unlike storage device 3235, the system memory is avolatile read-and-write memory, such a random-access memory. The systemmemory stores some of the instructions and data that the processor needsat runtime. In some embodiments, the invention's processes are stored inthe system memory 3225, the permanent storage device 3235, and/or theread-only memory 3230. From these various memory units, the processingunit(s) 3210 retrieve instructions to execute and data to process inorder to execute the processes of some embodiments.

The bus 3205 also connects to the input and output devices 3240 and3245. The input devices enable the user to communicate information andselect commands to the electronic system. The input devices 3240 includealphanumeric keyboards and pointing devices (also called “cursor controldevices”). The output devices 3245 display images generated by theelectronic system. The output devices include printers and displaydevices, such as cathode ray tubes (CRT) or liquid crystal displays(LCD). Some embodiments include devices such as a touchscreen thatfunction as both input and output devices.

Finally, as shown in FIG. 32 , bus 3205 also couples electronic system3200 to a network 3265 through a network adapter (not shown). In thismanner, the computer can be a part of a network of computers (such as alocal area network (“LAN”), a wide area network (“WAN”), or an Intranet,or a network of networks, such as the Internet. Any or all components ofelectronic system 3200 may be used in conjunction with the invention.

Some embodiments include electronic components, such as microprocessors,storage and memory that store computer program instructions in amachine-readable or computer-readable medium (alternatively referred toas computer-readable storage media, machine-readable media, ormachine-readable storage media). Some examples of such computer-readablemedia include RAM, ROM, read-only compact discs (CD-ROM), recordablecompact discs (CD-R), rewritable compact discs (CD-RW), read-onlydigital versatile discs (e.g., DVD-ROM, dual-layer DVD-ROM), a varietyof recordable/rewritable DVDs (e.g., DVD-RAM, DVD-RW, DVD+RW, etc.),flash memory (e.g., SD cards, mini-SD cards, micro-SD cards, etc.),magnetic and/or solid state hard drives, read-only and recordableBlu-Ray® discs, ultra-density optical discs, any other optical ormagnetic media, and floppy disks. The computer-readable media may storea computer program that is executable by at least one processing unitand includes sets of instructions for performing various operations.Examples of computer programs or computer code include machine code,such as is produced by a compiler, and files including higher-level codethat are executed by a computer, an electronic component, or amicroprocessor using an interpreter.

While the above discussion primarily refers to microprocessor ormulti-core processors that execute software, some embodiments areperformed by one or more integrated circuits, such as applicationspecific integrated circuits (ASICs) or field programmable gate arrays(FPGAs). In some embodiments, such integrated circuits executeinstructions that are stored on the circuit itself.

As used in this specification, the terms “computer”, “server”,“processor”, and “memory” all refer to electronic or other technologicaldevices. These terms exclude people or groups of people. For thepurposes of the specification, the terms display or displaying meansdisplaying on an electronic device. As used in this specification, theterms “computer readable medium,” “computer readable media,” and“machine readable medium” are entirely restricted to tangible, physicalobjects that store information in a form that is readable by a computer.These terms exclude any wireless signals, wired download signals, andany other ephemeral signals.

This specification refers throughout to computational and networkenvironments that include virtual machines (VMs). However, virtualmachines are merely one example of data compute nodes (DCNs) or datacompute end nodes, also referred to as addressable nodes. DCNs mayinclude non-virtualized physical hosts, virtual machines, containersthat run on top of a host operating system without the need for ahypervisor or separate operating system, and hypervisor kernel networkinterface modules.

VMs, in some embodiments, operate with their own guest operating systemson a host using resources of the host virtualized by virtualizationsoftware (e.g., a hypervisor, virtual machine monitor, etc.). The tenant(i.e., the owner of the VM) can choose which applications to operate ontop of the guest operating system. Some containers, on the other hand,are constructs that run on top of a host operating system without theneed for a hypervisor or separate guest operating system. In someembodiments, the host operating system uses name spaces to isolate thecontainers from each other and therefore provides operating-system levelsegregation of the different groups of applications that operate withindifferent containers. This segregation is akin to the VM segregationthat is offered in hypervisor-virtualized environments that virtualizesystem hardware, and thus can be viewed as a form of virtualization thatisolates different groups of applications that operate in differentcontainers. Such containers are more lightweight than VMs.

Hypervisor kernel network interface modules, in some embodiments, is anon-VM DCN that includes a network stack with a hypervisor kernelnetwork interface and receive/transmit threads. One example of ahypervisor kernel network interface module is the vmknic module that ispart of the ESXi™ hypervisor of VMware, Inc.

It should be understood that while the specification refers to VMs, theexamples given could be any type of DCNs, including physical hosts, VMs,non-VM containers, and hypervisor kernel network interface modules. Infact, the example networks could include combinations of different typesof DCNs in some embodiments.

While the invention has been described with reference to numerousspecific details, one of ordinary skill in the art will recognize thatthe invention can be embodied in other specific forms without departingfrom the spirit of the invention. In addition, a number of the figures(including FIGS. 6, 13, 14, 25, and 31 ) conceptually illustrateprocesses. The specific operations of these processes may not beperformed in the exact order shown and described. The specificoperations may not be performed in one continuous series of operations,and different specific operations may be performed in differentembodiments. Furthermore, the process could be implemented using severalsub-processes, or as part of a larger macro process. Thus, one ofordinary skill in the art would understand that the invention is not tobe limited by the foregoing illustrative details, but rather is to bedefined by the appended claims.

We claim:
 1. A method for implementing a logical router that spans aplurality of datacenters, the method comprising: receiving aconfiguration for a set of logical switches and a logical router that(i) handles data traffic between data compute nodes (DCNs) connected tothe logical switches and endpoints not connected to the set of logicalswitches and (ii) performs stateful services on the data traffic, theDCNs comprising at least one DCN operating in each datacenter of theplurality of datacenters; for each datacenter in the plurality ofdatacenters, defining a centralized routing component for the logicalrouter for handling the data traffic between the DCNs in the datacenterand the endpoints not connected to the set of logical switches; anddesignating one of the centralized routing components as a primarycentralized routing component and the other centralized routingcomponents as secondary centralized routing components, wherein thesecondary centralized routing components forward data traffic, receivedfrom DCNs in their respective datacenters and for which statefulservices are required, to the primary centralized routing component. 2.The method of claim 1 further comprising defining a distributed routingcomponent for the logical router, wherein the distributed routingcomponent spans the plurality of datacenters and is implemented by hostcomputers in each of the datacenters as well as by edge computingdevices to which the centralized routing components are assigned in eachof the datacenters.
 3. The method of claim 2 further comprising, foreach datacenter in the plurality of datacenters, defining a transitlogical switch that connects the distributed routing component to thecentralized routing component defined for the datacenter.
 4. The methodof claim 3 further comprising defining a backplane logical switch thatconnects the centralized routing components in each datacenter to eachother, wherein the secondary centralized routing components forward datatraffic to the primary centralized routing component via the backplanelogical switch.
 5. The method of claim 2, wherein data traffic sent froma first DCN connected to a first logical switch of the set of logicalswitches to a second DCN connected to a second logical switch of the setof logical switches is processed by the distributed routing componentand not by any of the centralized routing components.
 6. The method ofclaim 1, wherein the primary centralized routing component performsstateful services on (i) data traffic received from secondarycentralized routing components, (ii) data traffic received from hostcomputers in the same datacenter as the primary centralized routingcomponent and directed to endpoints not connected to the set of logicalswitches, and (iii) data traffic received from endpoints not connectedto the set of logical switches and directed to DCNs connected to the setof logical switches.
 7. The method of claim 6, wherein the logicalrouter is a first logical router, wherein data traffic received fromendpoints not connected to the set of logical switches is previouslyprocessed by a second logical router that directly connects the firstlogical router to external networks.
 8. The method of claim 1, whereinthe endpoints not connected to the set of logical switches comprise DCNsconnected to logical switches that connect to other logical routers. 9.The method of claim 1, wherein the set of logical switches and thelogical router are part of a logical network implemented across theplurality of datacenters, wherein the endpoints not connected to the setof logical switches comprise endpoints external to the plurality ofdatacenters.
 10. The method of claim 1, wherein the designation of theprimary centralized routing component is based on a user designating thedatacenter for which the primary centralized routing component isdefined as a primary datacenter for the logical router.
 11. The methodof claim 1, wherein defining the centralized routing components for eachdatacenter comprises defining an active centralized routing componentand a standby centralized routing component for the logical router foreach datacenter of the plurality of datacenters.
 12. The method of claim1, wherein the stateful services comprise at least one of networkaddress translation and edge firewall services.
 13. The method of claim1, wherein each of the centralized routing components is implemented byan edge computing device, wherein the edge computing device on which theprimary centralized routing component is implemented exchanges routingprotocol data with the edge computing devices on which the secondaryrouting components are implemented in order to ensure that the secondarycentralized routing components forward the data traffic received fromDCNs in their respective datacenters to the primary centralized routingcomponent.
 14. A non-transitory machine-readable medium storing aprogram which when executed by at least one processing unit implements alogical router that spans a plurality of datacenters, the programcomprising sets of instructions for: receiving a configuration for a setof logical switches and a logical router that (i) handles data trafficbetween data compute nodes (DCNs) connected to the logical switches andendpoints not connected to the set of logical switches and (ii) performsstateful services on the data traffic, the DCNs comprising at least oneDCN operating in each datacenter of the plurality of datacenters; foreach respective datacenter in the plurality of datacenters, defining arespective centralized routing component based on the receivedconfiguration for the logical router, the respective centralized routingcomponent for handling the data traffic between the DCNs in therespective datacenter and the endpoints not connected to the set oflogical switches; and designating a particular centralized routingcomponent in a particular datacenter as a primary centralized routingcomponent and the other centralized routing components in the otherdatacenters as secondary centralized routing components, wherein thesecondary centralized routing components in the other datacentersforward data traffic, received from DCNs in their respective datacentersand for which stateful services are required, to the particulardatacenter's particular centralized routing component that operates asthe primary centralized routing component.
 15. The non-transitorymachine-readable medium of claim 14, wherein the program furthercomprises a set of instructions for defining a distributed routingcomponent based on the received configuration for the logical router,wherein the distributed routing component spans the plurality ofdatacenters and is implemented by host computers in each of thedatacenters as well as by edge computing devices to which thecentralized routing components are assigned in each of the datacenters.16. The non-transitory machine-readable medium of claim 15, wherein theprogram further comprises sets of instructions for: for each datacenterin the plurality of datacenters, defining a transit logical switch thatconnects the distributed routing component to the centralized routingcomponent defined for the datacenter; and defining a backplane logicalswitch that connects the centralized routing components in the pluralityof datacenters to each other, wherein the secondary centralized routingcomponents in the other datacenters forward data traffic to theparticular datacenter's particular centralized routing component via thebackplane logical switch.
 17. The non-transitory machine-readable mediumof claim 15, wherein data traffic sent from a first DCN connected to afirst logical switch of the set of logical switches to a second DCNconnected to a second logical switch of the set of logical switches isprocessed by the distributed routing component and not by any of thecentralized routing components.
 18. The non-transitory machine-readablemedium of claim 14, wherein the particular centralized routing componentin the particular datacenter that operates as the primary centralizedrouting component performs stateful services on (i) data trafficreceived from the secondary centralized routing components in the otherdatacenters, (ii) data traffic received from host computers in theparticular datacenter and directed to endpoints not connected to the setof logical switches, and (iii) data traffic received from endpoints notconnected to the set of logical switches and directed to DCNs connectedto the set of logical switches.
 19. The non-transitory machine-readablemedium of claim 18, wherein the logical router is a first logicalrouter, wherein data traffic received from endpoints not connected tothe set of logical switches is previously processed by a second logicalrouter that directly connects the first logical router to externalnetworks.
 20. The non-transitory machine-readable medium of claim 14,wherein the set of logical switches and the logical router are part of alogical network implemented across the plurality of datacenters, whereinthe endpoints not connected to the set of logical switches compriseendpoints external to the plurality of datacenters.
 21. Thenon-transitory machine-readable medium of claim 14, wherein the set ofinstructions for defining the centralized routing components for eachdatacenter comprises a set of instructions for defining, for eachdatacenter of the plurality of datacenters an active centralized routingcomponent and a standby centralized routing component based on thereceived configuration for the logical router.
 22. The non-transitorymachine-readable medium of claim 14, wherein each of the centralizedrouting components is implemented by an edge computing device, whereinthe edge computing device on which the particular centralized routingcomponent is implemented exchanges routing protocol data with the edgecomputing devices on which the secondary routing components areimplemented in order to ensure that the secondary centralized routingcomponents forward the data traffic received from DCNs in theirrespective datacenters to the particular datacenter's particularcentralized routing component that operates as the primary centralizedrouting component.